INS-1604 CVE Fixes #164

Merged: amattu2 merged 2 commits into 3.3.1 from INS-1604 on Apr 16, 2026

@amattu2 amattu2 commented Apr 13, 2026

Overview

This PR bumps Apache Tomcat to 11.0.21 to fix multiple high CVEs.

Change Details (Specifics)

N/A

Related Ticket(s)

INS-1604
INS-1614

@amattu2 amattu2 added this to the 3.3.1 milestone Apr 13, 2026
Copilot AI review requested due to automatic review settings April 13, 2026 19:59
@codacy-production

Not up to standards ⛔

Copilot AI left a comment

Pull request overview

This PR updates Apache Tomcat to 11.0.21 to address multiple high-severity CVEs (INS-1604 / INS-1614), ensuring both the build-time dependency and the runtime container image are aligned.

Changes:

  • Bump org.apache.tomcat.embed:tomcat-embed-core from 11.0.20 to 11.0.21 in pom.xml.
  • Update the Docker base image from tomcat:11.0.20-jdk17 to tomcat:11.0.21-jdk17.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

| File | Description |
|------|-------------|
| pom.xml | Updates the Tomcat embedded core dependency version to 11.0.21. |
| Dockerfile | Updates the production-stage Tomcat image tag to 11.0.21-jdk17. |

@amattu2 amattu2 requested a review from JoonLeeNIH April 13, 2026 20:03

@JoonLeeNIH JoonLeeNIH left a comment

LGTM! Builds fine and runs fine when I execute all of our Postman requests.

@amattu2 amattu2 merged commit 9773ca9 into 3.3.1 Apr 16, 2026
7 of 8 checks passed
@amattu2 amattu2 deleted the INS-1604 branch April 16, 2026 14:07