Apache Tomcat version of jmix

f.zehnder · January 18, 2025, 3:14pm

Dear JMix Team

When I build a jar file with the actual version of jmix, there is Tomcat 10.1.31 bundled.

Based on the
https://security-tracker.debian.org/tracker/CVE-2024-56337

there are some vulnerabilities in this version and I suggest, jmix should us the actual version 10.1.34 from 9th of December 2024 ( Apache Tomcat 10 (10.1.34) - Changelog )

Best regards

Felix

i.gavrilov · January 20, 2025, 10:46am

Hi Felix,

Basically we use Tomcat provided by Spring Boot.
Upcoming patch-release will use Spring Boot 3.3.7 + Tomcat 10.1.34.

Regards,
Ivan