Merge pull request #1615 from CMSgov/QPPA-11465

chetanmunegowda · web-flow · commit a7ba64dbb598 · 2026-03-10T12:51:37.000-04:00
QPPA-11465: fix vulnerability issue
diff --git a/pom.xml b/pom.xml
@@ -237,25 +237,25 @@
 			<dependency>
 				<groupId>com.fasterxml.jackson.core</groupId>
 				<artifactId>jackson-core</artifactId>
-				<version>2.17.3</version>
+				<version>2.18.6</version>
 			</dependency>
 
 			<dependency>
 				<groupId>com.fasterxml.jackson.core</groupId>
 				<artifactId>jackson-annotations</artifactId>
-				<version>2.17.3</version>
+				<version>2.18.6</version>
 			</dependency>
 
 			<dependency>
 				<groupId>com.fasterxml.jackson.core</groupId>
 				<artifactId>jackson-databind</artifactId>
-				<version>2.17.3</version>
+				<version>2.18.6</version>
 			</dependency>
 
 			<dependency>
 				<groupId>com.fasterxml.jackson.dataformat</groupId>
 				<artifactId>jackson-dataformat-xml</artifactId>
-				<version>2.17.3</version>
+				<version>2.18.6</version>
 			</dependency>
 
 			<dependency>
@@ -515,7 +515,23 @@
 			<dependency>
 				<groupId>com.fasterxml.jackson.module</groupId>
 				<artifactId>jackson-module-jaxb-annotations</artifactId>
-				<version>2.17.3</version>
+				<version>2.18.6</version>
+			</dependency>
+
+			<dependency>
+				<groupId>org.apache.tomcat.embed</groupId>
+				<artifactId>tomcat-embed-core</artifactId>
+				<version>10.1.52</version>
+			</dependency>
+			<dependency>
+				<groupId>org.apache.tomcat.embed</groupId>
+				<artifactId>tomcat-embed-el</artifactId>
+				<version>10.1.52</version>
+			</dependency>
+			<dependency>
+				<groupId>org.apache.tomcat.embed</groupId>
+				<artifactId>tomcat-embed-websocket</artifactId>
+				<version>10.1.52</version>
 			</dependency>
 
 			<dependency>
diff --git a/rest-api/pom.xml b/rest-api/pom.xml
@@ -33,7 +33,7 @@
 
         <!-- For documentation only; actual coordination is done by the BOMs below -->
         <spring-framework.version>6.2.12</spring-framework.version>
-        <tomcat.version>10.1.45</tomcat.version>
+        <tomcat.version>10.1.52</tomcat.version>
 
         <!-- Test stack kept explicit so CI is deterministic across JDK updates -->
         <junit.jupiter.version>5.10.3</junit.jupiter.version>
