fix vulnerabilities on backend

jianmingtu · jianmingtu · commit 4103d181c49f · 2025-03-31T12:30:19.000-07:00
diff --git a/src/backend/Dockerfile.efiling-api b/src/backend/Dockerfile.efiling-api
@@ -41,6 +41,8 @@ RUN mvn -B clean install \
 #############################################################################################
 FROM eclipse-temurin:17-jre-alpine
 
+RUN apk update && apk add --upgrade --no-cache libexpat # fix CVE-2024-8176
+
 # ARG MVN_PROFILES
 ARG SERVICE_NAME=efiling-api
 
diff --git a/src/backend/efiling-api/pom.xml b/src/backend/efiling-api/pom.xml
@@ -208,6 +208,7 @@
         <dependency>
             <groupId>org.apache.tomcat.embed</groupId>
             <artifactId>tomcat-embed-core</artifactId>
+            <version>10.1.39</version>
         </dependency>
         <dependency>
             <groupId>org.json</groupId>
@@ -243,6 +244,11 @@
             <artifactId>cxf-core</artifactId>
             <version>4.0.6</version>
         </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-crypto</artifactId>
+            <version>6.3.8</version>
+        </dependency>
     </dependencies>
 
     <dependencyManagement>
