fix(java-template): update Spring Boot 3.4.5 + Tomcat 10.1.45 for CVE fixes

laugiov · laugiov · commit b30879e6eb96 · 2026-02-04T19:51:07.000+01:00
- CVE-2025-24813 (CRITICAL): Tomcat RCE/information disclosure - CVE-2025-48988, CVE-2025-48989, CVE-2025-55752 (HIGH): Tomcat DoS/traversal - CVE-2025-22235 (HIGH): Spring Boot actuator endpoint matcher - CVE-2025-41249 (HIGH): Spring Core annotation detection
diff --git a/templates/java-service/pom.xml b/templates/java-service/pom.xml
@@ -7,7 +7,7 @@
     <parent>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-parent</artifactId>
-        <version>3.4.1</version>
+        <version>3.4.5</version>
         <relativePath/>
     </parent>
 
@@ -20,6 +20,8 @@
     <properties>
         <java.version>21</java.version>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+        <!-- Override Tomcat version to fix CVE-2025-24813, CVE-2025-48988, CVE-2025-48989, CVE-2025-55752 -->
+        <tomcat.version>10.1.45</tomcat.version>
     </properties>
 
     <dependencies>
