Follow

Fixing CVEs in the libraries included by Spring Boot by overriding their versions.
spring.io/blog/2016/04/13/over

Used this to fix a couple of CVEs (enabling DDoS attacks) introduced by tomcat-embed libraries by upgrading to 9.0.37. Feels good to be ahead of the framework in handling security issues.

Sign in to participate in the conversation
Toot.ThoughtWorks

A Mastodon instance running on ThoughtWorks infrastructure for its employees to interact with the Fediverse.