> On Sep 15, 2024, at 17:03, KARR, DAVID <dk0...@att.com> wrote: > > Thanks for that. Could you give me more info on those problems in 10.1.24-29, > like links to the issues?
Look at the Coyote component in the 10.1 changelog for the details: https://tomcat.apache.org/tomcat-10.1-doc/changelog.html The 10.1.29 HTTP/2 problem and fix are described here: https://bz.apache.org/bugzilla/show_bug.cgi?id=69320 - Chuck > From: Mark Thomas <ma...@apache.org> > Sent: Sunday, September 15, 2024 9:14 AM > To: users@tomcat.apache.org > Subject: Re: Question about upgrading tomcat-embed-core from 10.1.20 to > 10.1.25 > > On 15/09/2024 00: 37, KARR, DAVID wrote: > We build SpringBoot applications > that reference "tomcat-embed-core" from "spring-boot-starter-jersey". We > currently end up with version 10. 1. 20 of tomcat-embed-core, using > spring-boot 3. 2. 5. There > > > On 15/09/2024 00:37, KARR, DAVID wrote: > >> We build SpringBoot applications that reference "tomcat-embed-core" from >> "spring-boot-starter-jersey". We currently end up with version 10.1.20 of >> tomcat-embed-core, using spring-boot 3.2.5. There is apparently a CVE for >> that version of tomcat-embed-core (I don't have the CVE handy right now). >> The resolution is to replace it with version 10.1.25. That, being a patch >> version, seems like a safe upgrade from a functionality point of view. Are >> there any known issues from performing that upgrade? > > > There is a known issue with non-blocking reads and chunked encoding in > 10.1.24 to 10.1.29. > > I'd wait for 10.1.30 in a few days (HTTP/2 is broken in 10.1.29).
