Fixing CVEs in the libraries included by Spring Boot by overriding their versions.

Used this to fix a couple of CVEs (enabling DDoS attacks) introduced by tomcat-embed libraries by upgrading to 9.0.37. Feels good to be ahead of the framework in handling security issues.

Sign in to participate in the conversation

A Mastodon instance running on ThoughtWorks infrastructure for its employees to interact with the Fediverse.