Thanks for that. Could you give me more info on those problems in 10.1.24-29, like links to the issues?
From: Mark Thomas <ma...@apache.org> Sent: Sunday, September 15, 2024 9:14 AM To: users@tomcat.apache.org Subject: Re: Question about upgrading tomcat-embed-core from 10.1.20 to 10.1.25 On 15/09/2024 00: 37, KARR, DAVID wrote: > We build SpringBoot applications that reference "tomcat-embed-core" from "spring-boot-starter-jersey". We currently end up with version 10. 1. 20 of tomcat-embed-core, using spring-boot 3. 2. 5. There On 15/09/2024 00:37, KARR, DAVID wrote: > We build SpringBoot applications that reference "tomcat-embed-core" from > "spring-boot-starter-jersey". We currently end up with version 10.1.20 of > tomcat-embed-core, using spring-boot 3.2.5. There is apparently a CVE for > that version of tomcat-embed-core (I don't have the CVE handy right now). > The resolution is to replace it with version 10.1.25. That, being a patch > version, seems like a safe upgrade from a functionality point of view. Are > there any known issues from performing that upgrade? There is a known issue with non-blocking reads and chunked encoding in 10.1.24 to 10.1.29. I'd wait for 10.1.30 in a few days (HTTP/2 is broken in 10.1.29). Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org<mailto:users-unsubscr...@tomcat.apache.org> For additional commands, e-mail: users-h...@tomcat.apache.org<mailto:users-h...@tomcat.apache.org>
