From 63acdea2b0c887dfb34ed933ba7334cf912420f3 Mon Sep 17 00:00:00 2001 From: Joon Lee Date: Mon, 23 Mar 2026 15:31:46 -0400 Subject: [PATCH 1/6] Attempt at fixing jackson vulnerability --- pom.xml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/pom.xml b/pom.xml index 9e68054..eb97660 100644 --- a/pom.xml +++ b/pom.xml @@ -33,6 +33,13 @@ + + com.fasterxml.jackson + jackson-bom + 2.18.6 + pom + import + io.netty netty-codec From 65d693d5460b2e215f7efa682706ed12abde6cd3 Mon Sep 17 00:00:00 2001 From: Joon Lee Date: Mon, 23 Mar 2026 15:35:28 -0400 Subject: [PATCH 2/6] Updated Tomcat base image, which has Java 17.0.18, which fixes Java vulnerabilities. --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index b7b40ef..d70086b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -6,7 +6,7 @@ COPY . . RUN mvn package -DskipTests # Production stage -FROM tomcat:11.0.13-jdk17 AS fnl_base_image +FROM tomcat:11.0.20-jdk17 AS fnl_base_image RUN apt-get update && apt-get -y upgrade From d15c3e0cf3ed2662476614a5d4770b3bbbce2ef3 Mon Sep 17 00:00:00 2001 From: Joon Lee Date: Mon, 23 Mar 2026 15:36:26 -0400 Subject: [PATCH 3/6] Updated Tomcat version in POM --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index eb97660..0eb08b7 100644 --- a/pom.xml +++ b/pom.xml @@ -196,7 +196,7 @@ org.apache.tomcat.embed tomcat-embed-core - 11.0.13 + 11.0.20 From d9166d6053ca4cad9bb69e48b1febd938a450cea Mon Sep 17 00:00:00 2001 From: Joon Lee Date: Mon, 23 Mar 2026 15:37:38 -0400 Subject: [PATCH 4/6] Updated log4j dependencies to fix vulnerabilities --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index 0eb08b7..630881c 100644 --- a/pom.xml +++ b/pom.xml @@ -53,12 +53,12 @@ org.apache.logging.log4j log4j-api - 2.24.3 + 2.25.3 org.apache.logging.log4j log4j-core - 2.24.3 + 2.25.3 org.apache.logging.log4j 
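Review bot: The `jackson-bom` import added in the first pom.xml hunk (PATCH 1/6) only governs Jackson artifacts whose version is not already fixed elsewhere, so by itself it does not show that the vulnerable version is gone from the build. An explicit `<version>` on a direct Jackson dependency, an earlier `dependencyManagement` entry, or a BOM imported ahead of this one would still take precedence; the rest of pom.xml lies outside the hunk and the XML tags were lost in extraction, so this cannot be confirmed from here. Checking the resolved versions with `mvn dependency:tree -Dincludes=com.fasterxml.jackson.*` before merging would settle it. The subject says "attempt" without naming the advisory, so I would also add a comment above the import such as `<!-- Pins Jackson to 2.18.6 via BOM for <ADVISORY-ID>; drop once upstream dependencies ship a fixed version -->`.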
From af1b92c6af17804fccd05c8b8cd32af5bb9fb875 Mon Sep 17 00:00:00 2001 From: Joon Lee Date: Mon, 23 Mar 2026 15:38:38 -0400 Subject: [PATCH 5/6] Updated Spring dependencies to fix vulnerabilities --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 630881c..5abb731 100644 --- a/pom.xml +++ b/pom.xml @@ -24,7 +24,7 @@ 17 - 6.2.11 + 7.0.6 3.0.3 2.3 From 2915e44202bdfa0bf5ba055a6b68eaf031389c85 Mon Sep 17 00:00:00 2001 From: Joon Lee Date: Mon, 23 Mar 2026 20:19:00 +0000 Subject: [PATCH 6/6] Trying not to upgrade Spring Framework to a new major version --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 5abb731..84380d9 100644 --- a/pom.xml +++ b/pom.xml @@ -24,7 +24,7 @@ 17 - 7.0.6 + 6.2.17 3.0.3 2.3