aboutsummaryrefslogtreecommitdiffstats
path: root/build.gradle
diff options
context:
space:
mode:
authorSimon Brandhof <simon.brandhof@sonarsource.com>2020-06-22 10:44:54 +0200
committersonartech <sonartech@sonarsource.com>2020-06-22 20:04:33 +0000
commit29fbfe91f4c432dba3815275f7ab19778dbba5bc (patch)
tree9c85be9ab6dfd4055790037db7725d2e42013144 /build.gradle
parentf21a11a263d2afe62622ad255fe79165c3ecc424 (diff)
downloadsonarqube-29fbfe91f4c432dba3815275f7ab19778dbba5bc.tar.gz
sonarqube-29fbfe91f4c432dba3815275f7ab19778dbba5bc.zip
Upgrade Tomcat to 8.5.56
The vulnerability https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-9484 is not exploitable but it generates a false-positive in SCA reports. Upgrading kills the noise.
Diffstat (limited to 'build.gradle')
-rw-r--r--build.gradle2
1 files changed, 1 insertions, 1 deletions
diff --git a/build.gradle b/build.gradle
index ed6859c644e..97c3a849c23 100644
--- a/build.gradle
+++ b/build.gradle
@@ -273,7 +273,7 @@ subprojects {
entry 'log4j-to-slf4j'
entry 'log4j-core'
}
- dependencySet(group: 'org.apache.tomcat.embed', version: '8.5.53') {
+ dependencySet(group: 'org.apache.tomcat.embed', version: '8.5.56') {
entry 'tomcat-embed-core'
entry('tomcat-embed-jasper') {
exclude 'org.eclipse.jdt.core.compiler:ecj'