Bump Spring Boot Version to Fix Outdated Dependencies

- [x] I have searched the [issues](https://github.com/alibaba/arthas/issues) of this repository and believe that this is not a duplicate.

Description

Upgrade the Spring Boot version to address vulnerable transitive dependencies, including but not limited to:
- Tomcat
- Spring Security

The issue was identified in the published **_tunnel-server-fatjar_**, where critical marked vulnerable transitive dependencies are being pulled in.

Dependencies

- org.springframework.security:spring-security-web [CVE-2024-38821](https://www.cve.org/CVERecord?id=CVE-2024-38821)
- org.springframework.security:spring-security-crypto [CVE-2025-22228](https://www.cve.org/CVERecord?id=CVE-2025-22228)
- org.apache.tomcat.embed:tomcat-embed-core [CVE-2024-56337](https://www.cve.org/CVERecord?id=CVE-2024-56337), [CVE-2024-52316](https://www.cve.org/CVERecord?id=CVE-2024-52316), [CVE-2024-50379](https://www.cve.org/CVERecord?id=CVE-2024-50379)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump Spring Boot Version to Fix Outdated Dependencies #3139

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Bump Spring Boot Version to Fix Outdated Dependencies #3139

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions