Patch 2024.2.8 / CVE-2025-48988

23. Juni 2025

A vulnerability CVE-2025-48988 has been disclosed, affecting the Tomcat Web Application Server:
"DoS in multipart upload"

A version of Tomcat is included in the INFOMOTION Data Management Center package and used for the containerized and standalone deployment options. We are now releasing an updated version 2024.2.8 of Data Management Center that includes a patched version of Apache Tomcat.

Please note that this patch only secures containerized or standalone DMC deployments. When deployed within a custom Tomcat installation, that Tomcat installation should be patched as well.

Dependency Upgrades

Upgrade to Spring Boot 3.4.7 including embedded Tomcat 10.1.42 to avoid potential issues with CVE-2025-48988

(since 2024.2.7)

Docker-Image: infomotiondmc.azurecr.io/dmc:2024.2.8

Dependency Upgrades​

Dependency Upgrades