Tags

Tags give the ability to mark specific points in history as being important

LA-4.0.0

3c1ab8c3 · security: upgrade Spring Boot, Tomcat, Bouncy Castle and related deps to address CVEs · May 06, 2026

**Release date:** 2026-05-05
  **Type:** Security / dependency upgrade

  ### Summary
  Bumped Spring Boot, Spring Framework, Tomcat, Logback, Jackson, and Bouncy Castle to address known CVEs (including Spring Boot
  Actuator vulnerabilities). No application code changes; runtime/dependency upgrades only.

  ### Security fixes — dependency upgrades

  | Component        | Old     | New             |
  |------------------|---------|-----------------|
  | Spring Boot      | 3.4.5   | 3.5.12          |
  | Spring Framework | 6.2.11  | 6.2.17          |
  | Apache Tomcat    | 11.0.10 | 11.0.21         |
  | Bouncy Castle    | 1.79    | 1.84            |
  | Logback          | —       | 1.5.25 (pinned) |
  | Jackson BOM      | —       | 2.18.6 (pinned) |

  ### Files touched (upstream source repo)
  - `build.gradle.kts`
  - `gradle.properties`
  - `gradle/libs.versions.toml`

  ### Files touched (this repo)
  - `DocSigner-Java17/docsigner.war`
  - `DocSigner-Java21/docsigner.war`
  - `DocSigner-Java24/docsigner.war`

  ### Impact / compatibility
  - Spring Boot minor upgrade (3.4.x → 3.5.x) — review any deprecated auto-configuration in app code; Actuator endpoint behavior
  should be re-verified.
  - Tomcat patch upgrade within 11.0.x — no API changes expected.
  - Bouncy Castle minor upgrade (1.79 → 1.84) — verify signing/crypto flows.

LA-3.0.0

cdb1c4fa · Add Docker support and multi-Java version configuration · Oct 17, 2025
```
Multi-Java Version Support
Docker Deployment Support
Security Fix
```
LA-1.0.1

9468a283 · Merge branch 'LA-1.0.1' into 'master' · Nov 18, 2024
```
security fix: spring web upgraded from 6.1.4 to 6.1.14
```

LA-4.0.0

LA-3.0.0

LA-1.0.1