You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomee.apache.org by Parminder Singh <ps...@outlook.com> on 2014/03/20 16:54:15 UTC
TomEE CVE-2014-0050
What version of Tomcat is TomEE 1.6 based on? We need to upgrade to TomEE from Tomcat 7.0.52 but want to make sure that that the issue CVE-2014-0050 is not there in TomEE 1.6.
Re: TomEE CVE-2014-0050
Posted by Jean-Louis MONTEIRO <je...@gmail.com>.
You get tomcat backbone version 7.0.47.
We have a 1.6.0.1 with just that security fix applied.
Just did not get time to release that branch, but all is ready.
JLouis
2014-03-20 17:03 GMT+01:00 Parminder Singh <ps...@outlook.com>:
> What version of Tomcat do we get when we download TomEE plus from here:
> http://www.apache.org/dyn/closer.cgi/tomee/tomee-1.6.0/apache-tomee-1.6.0-plus.zip
>
> > From: rmannibucau@gmail.com
> > Date: Thu, 20 Mar 2014 16:59:01 +0100
> > Subject: Re: TomEE CVE-2014-0050
> > To: users@tomee.apache.org
> >
> > tomee uses tomcat 7.0.52 only on trunk
> > Romain Manni-Bucau
> > Twitter: @rmannibucau
> > Blog: http://rmannibucau.wordpress.com/
> > LinkedIn: http://fr.linkedin.com/in/rmannibucau
> > Github: https://github.com/rmannibucau
> >
> >
> >
> > 2014-03-20 16:54 GMT+01:00 Parminder Singh <ps...@outlook.com>:
> > > What version of Tomcat is TomEE 1.6 based on? We need to upgrade to
> TomEE from Tomcat 7.0.52 but want to make sure that that the issue
> CVE-2014-0050 is not there in TomEE 1.6.
> > >
>
>
--
Jean-Louis
RE: TomEE CVE-2014-0050
Posted by Parminder Singh <ps...@outlook.com>.
Is there an ETA when a fix for this vulnerability will be released?
> From: rmannibucau@gmail.com
> Date: Thu, 20 Mar 2014 17:06:01 +0100
> Subject: Re: TomEE CVE-2014-0050
> To: users@tomee.apache.org
>
> 7.0.47
> Romain Manni-Bucau
> Twitter: @rmannibucau
> Blog: http://rmannibucau.wordpress.com/
> LinkedIn: http://fr.linkedin.com/in/rmannibucau
> Github: https://github.com/rmannibucau
>
>
>
> 2014-03-20 17:03 GMT+01:00 Parminder Singh <ps...@outlook.com>:
> > What version of Tomcat do we get when we download TomEE plus from here: http://www.apache.org/dyn/closer.cgi/tomee/tomee-1.6.0/apache-tomee-1.6.0-plus.zip
> >
> >> From: rmannibucau@gmail.com
> >> Date: Thu, 20 Mar 2014 16:59:01 +0100
> >> Subject: Re: TomEE CVE-2014-0050
> >> To: users@tomee.apache.org
> >>
> >> tomee uses tomcat 7.0.52 only on trunk
> >> Romain Manni-Bucau
> >> Twitter: @rmannibucau
> >> Blog: http://rmannibucau.wordpress.com/
> >> LinkedIn: http://fr.linkedin.com/in/rmannibucau
> >> Github: https://github.com/rmannibucau
> >>
> >>
> >>
> >> 2014-03-20 16:54 GMT+01:00 Parminder Singh <ps...@outlook.com>:
> >> > What version of Tomcat is TomEE 1.6 based on? We need to upgrade to TomEE from Tomcat 7.0.52 but want to make sure that that the issue CVE-2014-0050 is not there in TomEE 1.6.
> >> >
> >
Re: TomEE CVE-2014-0050
Posted by Romain Manni-Bucau <rm...@gmail.com>.
7.0.47
Romain Manni-Bucau
Twitter: @rmannibucau
Blog: http://rmannibucau.wordpress.com/
LinkedIn: http://fr.linkedin.com/in/rmannibucau
Github: https://github.com/rmannibucau
2014-03-20 17:03 GMT+01:00 Parminder Singh <ps...@outlook.com>:
> What version of Tomcat do we get when we download TomEE plus from here: http://www.apache.org/dyn/closer.cgi/tomee/tomee-1.6.0/apache-tomee-1.6.0-plus.zip
>
>> From: rmannibucau@gmail.com
>> Date: Thu, 20 Mar 2014 16:59:01 +0100
>> Subject: Re: TomEE CVE-2014-0050
>> To: users@tomee.apache.org
>>
>> tomee uses tomcat 7.0.52 only on trunk
>> Romain Manni-Bucau
>> Twitter: @rmannibucau
>> Blog: http://rmannibucau.wordpress.com/
>> LinkedIn: http://fr.linkedin.com/in/rmannibucau
>> Github: https://github.com/rmannibucau
>>
>>
>>
>> 2014-03-20 16:54 GMT+01:00 Parminder Singh <ps...@outlook.com>:
>> > What version of Tomcat is TomEE 1.6 based on? We need to upgrade to TomEE from Tomcat 7.0.52 but want to make sure that that the issue CVE-2014-0050 is not there in TomEE 1.6.
>> >
>
RE: TomEE CVE-2014-0050
Posted by Parminder Singh <ps...@outlook.com>.
What version of Tomcat do we get when we download TomEE plus from here: http://www.apache.org/dyn/closer.cgi/tomee/tomee-1.6.0/apache-tomee-1.6.0-plus.zip
> From: rmannibucau@gmail.com
> Date: Thu, 20 Mar 2014 16:59:01 +0100
> Subject: Re: TomEE CVE-2014-0050
> To: users@tomee.apache.org
>
> tomee uses tomcat 7.0.52 only on trunk
> Romain Manni-Bucau
> Twitter: @rmannibucau
> Blog: http://rmannibucau.wordpress.com/
> LinkedIn: http://fr.linkedin.com/in/rmannibucau
> Github: https://github.com/rmannibucau
>
>
>
> 2014-03-20 16:54 GMT+01:00 Parminder Singh <ps...@outlook.com>:
> > What version of Tomcat is TomEE 1.6 based on? We need to upgrade to TomEE from Tomcat 7.0.52 but want to make sure that that the issue CVE-2014-0050 is not there in TomEE 1.6.
> >
Re: TomEE CVE-2014-0050
Posted by Romain Manni-Bucau <rm...@gmail.com>.
tomee uses tomcat 7.0.52 only on trunk
Romain Manni-Bucau
Twitter: @rmannibucau
Blog: http://rmannibucau.wordpress.com/
LinkedIn: http://fr.linkedin.com/in/rmannibucau
Github: https://github.com/rmannibucau
2014-03-20 16:54 GMT+01:00 Parminder Singh <ps...@outlook.com>:
> What version of Tomcat is TomEE 1.6 based on? We need to upgrade to TomEE from Tomcat 7.0.52 but want to make sure that that the issue CVE-2014-0050 is not there in TomEE 1.6.
>