We build SpringBoot applications that reference "tomcat-embed-core" from "spring-boot-starter-jersey". We currently end up with version 10.1.20 of tomcat-embed-core, using spring-boot 3.2.5. There is apparently a CVE for that version of tomcat-embed-core (I don't have the CVE handy right now). The resolution is to replace it with version 10.1.25. That, being a patch version, seems like a safe upgrade from a functionality point of view. Are there any known issues from performing that upgrade?
--------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
