v0.1.25.41 — drop tomcat override (SB 3.5.14 BOM-managed) + Jedis fleet alignment

@amavashev amavashev released this 26 Apr 13:31
· 42 commits to main since this release
7fec471

Dependency hygiene release. No application-level code or wire-format changes — pom-only patch.

Changed

  • Spring Boot 3.5.13 → 3.5.14. Patch upgrade picking up upstream security hardening (constant-time DevTools secret comparison, RandomValuePropertySource SecureRandom, consistent SSL hostname verification, ApplicationPidFileWriter/ApplicationTemp symlink fixes).
  • Drop <tomcat.version>10.1.54</tomcat.version> override. SB 3.5.14's BOM now manages Tomcat 10.1.54 directly (verified against spring-boot-dependencies-3.5.14.pom). The explicit pin from v0.1.25.33 (closing CVE-2026-34483 / CVE-2026-34487) is now redundant.
  • Jedis 5.2.0 → 6.2.0 (major). Aligns with cycles-server-events (6.2.0) and cycles-server (6.2.0) on a single Redis-client major across the fleet. Jedis 6.1.0 explicitly restored binary compatibility for SetParams (#4225 upstream); all 782 tests pass on 6.2.0.
  • commons-lang3 3.18.0 override retained — SB 3.5.14's BOM still manages 3.17.0 (CVE-2025-48924 unfixed there). Comment updated to reference SB 3.5.14.
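The override decisions above (drop the Tomcat pin, keep the commons-lang3 pin) come down to comparing each pinned property against what the BOM manages. The script below is an added example, not code from this project: both pom excerpts are constructed from the versions stated in these notes, and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}

# Constructed stand-in for spring-boot-dependencies-3.5.14.pom, reduced to the
# two managed versions the release notes state.
BOM_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0"><properties>
  <tomcat.version>10.1.54</tomcat.version>
  <commons-lang3.version>3.17.0</commons-lang3.version>
</properties></project>"""

# Constructed project pom carrying both overrides, as before this release.
PROJECT_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0"><properties>
  <tomcat.version>10.1.54</tomcat.version>
  <commons-lang3.version>3.18.0</commons-lang3.version>
</properties></project>"""


def read_properties(pom_text):
    """Return {property name: value} from a pom's <properties> element."""
    props = ET.fromstring(pom_text).find("m:properties", NS)
    if props is None:
        return {}
    return {el.tag.split("}")[-1]: (el.text or "").strip() for el in props}


def version_key(version):
    """Numeric components only; a simplification of Maven's version ordering."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def classify_overrides(project_pom, bom_pom):
    """Compare each project property that the BOM also manages."""
    bom = read_properties(bom_pom)
    result = {}
    for name, pinned in read_properties(project_pom).items():
        if name not in bom:
            continue  # not BOM-managed, so not an override
        mine, managed = version_key(pinned), version_key(bom[name])
        if mine == managed:
            result[name] = "redundant"      # BOM already supplies this version
        elif mine > managed:
            result[name] = "still needed"   # BOM lags behind the pin
        else:
            result[name] = "downgrade"      # pin holds back a newer BOM version
    return result


if __name__ == "__main__":
    for name, status in classify_overrides(PROJECT_POM, BOM_POM).items():
        print(f"{name}: {status}")
```

A "downgrade" result is the case worth gating on in CI: a stale pin left in place after a BOM upgrade silently holds a dependency below the version the BOM would otherwise supply.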

See CHANGELOG.md for the full entry.

Fleet alignment

Matching releases: cycles-server-events v0.1.25.12, cycles-server v0.1.25.18.