You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by "Pesonen, Harri" <ha...@sap.com> on 2017/05/11 14:21:11 UTC

Security question

Hello,
the following lists Tomcat versions 8.5.0 - 8.5.12, does it mean that the problem has been fixed in 8.5.13 and later?

https://nvd.nist.gov/vuln/detail/CVE-2017-5651

I assume that it has been fixed, as 8.5.13 readme has:


  *   [Fix:]  60918<http://bz.apache.org/bugzilla/show_bug.cgi?id=60918>: Fix sendfile processing error that could lead to subsequent requests experiencing an IllegalStateException. (markt)
  *   [Fix:]  Improve sendfile handling when requests are pipelined. (markt)

-Harri

Re: Security question

Posted by Violeta Georgieva <vi...@apache.org>.

2017-05-11 17:21 GMT+03:00 Pesonen, Harri <ha...@sap.com>:
>
> Hello,
>
> the following lists Tomcat versions 8.5.0 – 8.5.12, does it mean that the
problem has been fixed in 8.5.13 and later?

yes
http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.13

Regards,
Violeta

>
>
>
> https://nvd.nist.gov/vuln/detail/CVE-2017-5651
>
>
>
> I assume that it has been fixed, as 8.5.13 readme has:
>
>
>
>  60918: Fix sendfile processing error that could lead to subsequent
requests experiencing an IllegalStateException. (markt)
>  Improve sendfile handling when requests are pipelined. (markt)
>
>
>
> -Harri