On 15/09/2024 00:37, KARR, DAVID wrote:
We build SpringBoot applications that reference "tomcat-embed-core" from "spring-boot-starter-jersey". We currently end up with version 10.1.20 of tomcat-embed-core, using spring-boot 3.2.5. There is apparently a CVE for that version of tomcat-embed-core (I don't have the CVE handy right now). The resolution is to replace it with version 10.1.25. That, being a patch version, seems like a safe upgrade from a functionality point of view. Are there any known issues from performing that upgrade?
There is a known issue with non-blocking reads and chunked encoding in 10.1.24 to 10.1.29.
I'd wait for 10.1.30 in a few days (HTTP/2 is broken in 10.1.29). Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
