This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/trunk by this push:
new 28087eb094 Fixed: [SECURITY] CVE-2023-28708 Apache Tomcat -
Information Disclosure (OFBIZ-12782)
28087eb094 is described below
commit 28087eb09495688aa7350dc6abb3b55da541c4c5
Author: Jacques Le Roux <[email protected]>
AuthorDate: Wed Mar 22 14:09:31 2023 +0100
Fixed: [SECURITY] CVE-2023-28708 Apache Tomcat - Information Disclosure
(OFBIZ-12782)
See https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.72
---
build.gradle | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/build.gradle b/build.gradle
index 62211719d5..39d41b63aa 100644
--- a/build.gradle
+++ b/build.gradle
@@ -260,8 +260,8 @@ dependencies {
implementation 'org.apache.tika:tika-parsers:2.5.0'
implementation 'org.apache.tika:tika-parser-pdf-module:2.5.0'
implementation 'org.apache.cxf:cxf-rt-frontend-jaxrs:3.5.4'
- implementation 'org.apache.tomcat:tomcat-catalina-ha:9.0.71' // Remember
to change the version number (9 now) in javadoc block if needed.
- implementation 'org.apache.tomcat:tomcat-jasper:9.0.71'
+ implementation 'org.apache.tomcat:tomcat-catalina-ha:9.0.72' // Remember
to change the version number (9 now) in javadoc block if needed.
+ implementation 'org.apache.tomcat:tomcat-jasper:9.0.72'
implementation 'org.apache.axis2:axis2-kernel:1.8.2'
implementation 'batik:batik-svg-dom:1.6-1'
implementation 'org.apache.xmlgraphics:fop:2.3' // NOTE: since 2.4
dependencies are messed up. See
https://github.com/moqui/moqui-fop/blob/master/build.gradle
