[FLUME-3472] fix vulnerability CVE 2020-1938 caused by tomcat-embed-core

apache · Apr 27, 2023 · 8dc30a3 · 8dc30a3
1 parent f9dbb2d
commit 8dc30a3
Showing 1 changed file with 19 additions and 0 deletions.
diff --git a/flume-parent/pom.xml b/flume-parent/pom.xml
@@ -895,6 +895,21 @@ limitations under the License.
         </exclusions>
       </dependency>
 
+      <dependency>
+        <groupId>org.apache.tomcat.embed</groupId>
+        <artifactId>tomcat-embed-core</artifactId>
+        <version>9.0.65</version>
+      </dependency>
+      <dependency>
+        <groupId>org.apache.tomcat.embed</groupId>
+        <artifactId>tomcat-embed-el</artifactId>
+        <version>9.0.65</version>
+      </dependency>
+      <dependency>
+        <groupId>org.apache.tomcat.embed</groupId>
+        <artifactId>tomcat-embed-websocket</artifactId>
+        <version>9.0.65</version>
+      </dependency>
       <dependency>
         <groupId>org.apache.thrift</groupId>
         <artifactId>libthrift</artifactId>
@@ -904,6 +919,10 @@ limitations under the License.
             <groupId>javax.servlet</groupId>
             <artifactId>servlet-api</artifactId>
           </exclusion>
+          <exclusion>
+            <groupId>org.apache.tomcat.embed</groupId>
+            <artifactId>tomcat-embed-core</artifactId>
+          </exclusion>
         </exclusions>
       </dependency>