CVEs Tomcat
Several vulnerabilities CVE-2026-34487, CVE-2026-24880, CVE-2026-29146, CVE-2026-34483, CVE-2026-29145 and CVE-2026-29129 have been disclosed, affecting the Tomcat Web Application Server.
A version of Tomcat is included in the INFOMOTION Data Management Center package and used for the containerized and standalone deployment options.
We are now releasing an updated version 2025.2.4 of Data Management Center that includes a patched version of Apache Tomcat.
Please note that this patch only secures containerized or standalone DMC deployments. When deployed within a custom Tomcat installation, that installation should be patched as well.
CVE Spring Framework
Additionally, one vulnerability in the Spring Framework CVE-2026-22731 has been disclosed. The INFOMOTION Data Management Center (DMC) includes the Spring Framework as part of its package.
Based on our analysis and existing automated tests of authorization procedures, we do not believe Data Management Center to be impacted by the vulnerability.
Nonetheless, we are now releasing an updated version 2025.2.4 of Data Management Center that includes a patched version of the Spring Framework.
Bugfixes
- Fix: Numeric fields with decimals now allow correct digit entry
- Fix: Disabled form fields now persist correctly after rebuilds
- Fix: UI now refreshes after category sort order changes
- Fix: UI now refreshes after table sort order changes
- Fix: domain-edit dialog showed incorrect validation icon state
- Fix: domain-edit dialog now revalidates SQL on domain value changes
- Fix: command-edit dialog now allows re-copying previously copied entries
- Fix: Mail task email validator now requires a full domain with TLD
- Fix: Mail task email input validation state now updates correctly
Improvements
- Improvement: Added visual separators for category changes in the table-admin-view
- Improvement: Improved visibility of visual separators in the task-edit-view
(since 2025.2.3)
Container Image: infomotiondmc.azurecr.io/dmc@sha256:e9c475c3285d459a171db180d024c7d162781beb56085f5afeea4c2134094688
WAR File : https://dmcwiki.blob.core.windows.net/dmc-releases/2025.2.4/dmc.war (sha256: a21945ca8c6510bff72380d74eb89d5b6d31fbebb43c0f75b56c33210feb005c)