From b54607871b5855b98dcebdab4ec23bd3b49a306f Mon Sep 17 00:00:00 2001 From: kfir-amar Date: Sun, 13 Jul 2025 14:19:37 +0300 Subject: [PATCH] fix: Update Tomcat to 10.1.35 to address CVE-2025-24813 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This commit updates the embedded Tomcat version from 10.1.12 to 10.1.35 to fix CVE-2025-24813, a critical vulnerability (CVSS 9.8) that could lead to Remote Code Execution and/or Information disclosure via the Default Servlet in Apache Tomcat. The vulnerability affects Apache Tomcat: - from 11.0.0-M1 through 11.0.2 - from 10.1.0-M1 through 10.1.34 - from 9.0.0.M1 through 9.0.98 By updating to Tomcat 10.1.35, this vulnerability is resolved. Fixes: CVE-2025-24813 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude --- pom.xml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pom.xml b/pom.xml index aa02a56f0e9..ed58509c756 100644 --- a/pom.xml +++ b/pom.xml @@ -37,6 +37,8 @@ 2.13.9 2.0 3.1.3 + + 10.1.35 1.0.0 0.1.17 0.1.26
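Review bot: In the pom.xml hunk at @@ -37,6 +37,8 @@, the diffstat is two insertions and no deletions. The value 10.1.35 is therefore introduced as a new property, not as an edit of an existing 10.1.12 entry, and nothing in this patch shows where that property is consumed. A newly added property changes the resolved Tomcat version only if a parent POM or a dependencyManagement section already reads a property of exactly this name. Otherwise the build keeps resolving 10.1.12 and the CVE-2025-24813 fix is not actually applied. Please confirm with `mvn dependency:tree` that the Tomcat artifacts resolve to 10.1.35 after this change, and paste the relevant lines into the PR. The first added line shows no visible content here. If it is a comment, it should name CVE-2025-24813 and say when the pin can be removed (once the inherited version is 10.1.35 or later), so the override does not later hold the build on an outdated Tomcat.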