You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by "Wai Siang, Chu" <wa...@toppanecquaria.com> on 2022/07/13 09:46:48 UTC
Apache Tomcat 8.5.82 Release Date
Dear Apache Tomcat Team,
We are aware there is a vulnerability found in the latest 8.5.xx version.
*Low: Apache Tomcat XSS in examples web application* CVE-2022-34305
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34305>
Hence, may we check is there an estimated timeline for the *Apache Tomcat
8.5.82* release date?
Thank you.
Regards,
Wai Siang
D: -
M: (65) 9821 0409
T: (65) 6837 2822
F: (65) 6756 3839
E : waisiang@toppanecquaria.com
11 Toa Payoh Lorong 3
#02-31 Block C, Jackson Square
Singapore 319579
Toppan Ecquaria Pte. Ltd.
Company Registration No: 199806305H
www.toppanecquaria.com
https://www.linkedin.com/company/toppan-ecquaria/
STRICTLY CONFIDENTIAL - This message, its contents and any files
transmitted with it are intended SOLELY for the addressee(s) and may be
legally privileged and/or confidential. Access by any other party is
unauthorised without the expressed written permission of the sender. If you
have received this message in error, you may not copy or use the contents,
attachments or information in any way. Please destroy it and contact us
immediately via e-mail return or by telephone at (65) 68372822. This
message has been prepared using information believed by the author to be
reliable and accurate, but Toppan Ecquaria Pte. Ltd. and the Toppan Group
of Companies ("Toppan") makes no warranty as to its accuracy or
completeness. Toppan does not accept responsibility for changes made to
this message after it was sent.
RE: Apache Tomcat 8.5.82 Release Date
Posted by jo...@wellsfargo.com.INVALID.
Love it Chris!
Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His
Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions
8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508
jonmcalexander@wellsfargo.com
This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.
> -----Original Message-----
> From: Christopher Schultz <ch...@christopherschultz.net>
> Sent: Tuesday, August 2, 2022 10:42 AM
> To: users@tomcat.apache.org
> Subject: Re: Apache Tomcat 8.5.82 Release Date
>
> To whom it may concern,
>
> On 8/2/22 01:28, Wai Siang, Chu wrote:
> > Dear Apache Tomcat Team,
> >
> > Based on the previous email reply,
> > may we have an update regarding the estimated release date for the
> > *Apache Tomcat 8.5.82* ?
>
> I can accept payments via Venmo if you want to accelerate the release-date
> of Tomcat 8.5.82 as part of *my volunteer efforts* to support Apache
> Tomcat.
>
> -chris
>
> >> On 7/26/22 00:13, Wai Siang, Chu wrote:
> >>> Based on the previous email reply,
> >>> may we have an update regarding the estimated release date for the
> >> *Apache
> >>> Tomcat 8.5.82* ?
> >>
> >> I expect to begin the release process around 1 August (6 days from
> today).
> >>
> >> Please note that upgrading to Tomcat 8.5.82 once it is available
> >> should not provide any actual security protections in a production
> environment.
> >> If you have deployed the "examples" web application into production
> >> then you are already making a mistake, security-wise. Simply removing
> >> the application entirely mitigates the threat.
> >>
> >> -chris
> >>
> >>> On Wed, Jul 13, 2022 at 6:00 PM Mark Thomas <ma...@apache.org>
> wrote:
> >>>
> >>>> On 13/07/2022 10:46, Wai Siang, Chu wrote:
> >>>>> Dear Apache Tomcat Team,
> >>>>>
> >>>>> We are aware there is a vulnerability found in the latest 8.5.xx
> >> version.
> >>>>>
> >>>>> *Low: Apache Tomcat XSS in examples web application*
> >>>>> CVE-2022-34305
> >>>>> <https://urldefense.com/v3/__http://cve.mitre.org/cgi-
> bin/cvename.
> >>>>> cgi?name=CVE-2022-
> 34305__;!!F9svGWnIaVPGSwU!rx9QCvjLGtG5ixGUV3DTaQ
> >>>>> eud0k-HVJc5PPnJt_DVBXKG0UwriypMpfuzJYIU_QSduD-HHw2UM2-
> NeeahXqhpdLN
> >>>>> 4V7TXTDq$ >
> >>>>>
> >>>>> Hence, may we check is there an estimated timeline for the *Apache
> >> Tomcat
> >>>>> 8.5.82* release date?
> >>>>
> >>>> Why?
> >>>>
> >>>> Have you reviewed the vulnerability? It is a XSS in the examples app.
> >>>> The examples app should never be deployed in a production
> environment.
> >>>> Hence this vulnerability should be a non-issue for (nearly?) all users.
> >>>>
> >>>> Like all currently supported Tomcat versions, 8.5.x is released on
> >>>> a roughly monthly cycle. The July release for 8.5.x hasn't started
> >>>> yet so I'd expect the release later this month.
> >>>>
> >>>> If you want to follow release planning more closely, then that is
> >>>> discussed on the dev list.
> >>>>
> >>>> Mark
> >>>>
> >>>>
> >>>>>
> >>>>>
> >>>>> Thank you.
> >>>>>
> >>>>> Regards,
> >>>>> Wai Siang
> >>>>>
> >>>>> D: -
> >>>>> M: (65) 9821 0409
> >>>>> T: (65) 6837 2822
> >>>>> F: (65) 6756 3839
> >>>>> E : waisiang@toppanecquaria.com
> >>>>>
> >>>>> 11 Toa Payoh Lorong 3
> >>>>> #02-31 Block C, Jackson Square
> >>>>> Singapore 319579
> >>>>>
> >>>>> Toppan Ecquaria Pte. Ltd.
> >>>>> Company Registration No: 199806305H
> >>>>>
> >>>>>
> https://urldefense.com/v3/__http://www.toppanecquaria.com__;!!F9sv
> >>>>> GWnIaVPGSwU!rx9QCvjLGtG5ixGUV3DTaQeud0k-
> HVJc5PPnJt_DVBXKG0UwriypMp
> >>>>> fuzJYIU_QSduD-HHw2UM2-NeeahXqhpdLN4UQR06YD$
> >>>>>
> >>>>>
> https://urldefense.com/v3/__https://www.linkedin.com/company/toppa
> >>>>> n-
> ecquaria/__;!!F9svGWnIaVPGSwU!rx9QCvjLGtG5ixGUV3DTaQeud0k-HVJc5P
> >>>>> PnJt_DVBXKG0UwriypMpfuzJYIU_QSduD-HHw2UM2-
> NeeahXqhpdLN4QcSE_fY$
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> STRICTLY CONFIDENTIAL - This message, its contents and any files
> >>>>> transmitted with it are intended SOLELY for the addressee(s) and
> >>>>> may be legally privileged and/or confidential. Access by any other
> >>>>> party is unauthorised without the expressed written permission of
> >>>>> the sender. If
> >>>> you
> >>>>> have received this message in error, you may not copy or use the
> >>>> contents,
> >>>>> attachments or information in any way. Please destroy it and
> >>>>> contact us immediately via e-mail return or by telephone at (65)
> >>>>> 68372822. This message has been prepared using information
> >>>>> believed by the author to
> >> be
> >>>>> reliable and accurate, but Toppan Ecquaria Pte. Ltd. and the
> >>>>> Toppan
> >> Group
> >>>>> of Companies ("Toppan") makes no warranty as to its accuracy or
> >>>>> completeness. Toppan does not accept responsibility for changes
> >>>>> made to this message after it was sent.
> >>>>>
> >>>>
> >>>> -------------------------------------------------------------------
> >>>> -- To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >>>> For additional commands, e-mail: users-help@tomcat.apache.org
> >>>>
> >>>>
> >>>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >> For additional commands, e-mail: users-help@tomcat.apache.org
> >>
> >>
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Apache Tomcat 8.5.82 Release Date
Posted by Christopher Schultz <ch...@christopherschultz.net>.
To whom it may concern,
On 8/2/22 01:28, Wai Siang, Chu wrote:
> Dear Apache Tomcat Team,
>
> Based on the previous email reply,
> may we have an update regarding the estimated release date for the *Apache
> Tomcat 8.5.82* ?
I can accept payments via Venmo if you want to accelerate the
release-date of Tomcat 8.5.82 as part of *my volunteer efforts* to
support Apache Tomcat.
-chris
>> On 7/26/22 00:13, Wai Siang, Chu wrote:
>>> Based on the previous email reply,
>>> may we have an update regarding the estimated release date for the
>> *Apache
>>> Tomcat 8.5.82* ?
>>
>> I expect to begin the release process around 1 August (6 days from today).
>>
>> Please note that upgrading to Tomcat 8.5.82 once it is available should
>> not provide any actual security protections in a production environment.
>> If you have deployed the "examples" web application into production then
>> you are already making a mistake, security-wise. Simply removing the
>> application entirely mitigates the threat.
>>
>> -chris
>>
>>> On Wed, Jul 13, 2022 at 6:00 PM Mark Thomas <ma...@apache.org> wrote:
>>>
>>>> On 13/07/2022 10:46, Wai Siang, Chu wrote:
>>>>> Dear Apache Tomcat Team,
>>>>>
>>>>> We are aware there is a vulnerability found in the latest 8.5.xx
>> version.
>>>>>
>>>>> *Low: Apache Tomcat XSS in examples web application* CVE-2022-34305
>>>>> <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34305>
>>>>>
>>>>> Hence, may we check is there an estimated timeline for the *Apache
>> Tomcat
>>>>> 8.5.82* release date?
>>>>
>>>> Why?
>>>>
>>>> Have you reviewed the vulnerability? It is a XSS in the examples app.
>>>> The examples app should never be deployed in a production environment.
>>>> Hence this vulnerability should be a non-issue for (nearly?) all users.
>>>>
>>>> Like all currently supported Tomcat versions, 8.5.x is released on a
>>>> roughly monthly cycle. The July release for 8.5.x hasn't started yet so
>>>> I'd expect the release later this month.
>>>>
>>>> If you want to follow release planning more closely, then that is
>>>> discussed on the dev list.
>>>>
>>>> Mark
>>>>
>>>>
>>>>>
>>>>>
>>>>> Thank you.
>>>>>
>>>>> Regards,
>>>>> Wai Siang
>>>>>
>>>>> D: -
>>>>> M: (65) 9821 0409
>>>>> T: (65) 6837 2822
>>>>> F: (65) 6756 3839
>>>>> E : waisiang@toppanecquaria.com
>>>>>
>>>>> 11 Toa Payoh Lorong 3
>>>>> #02-31 Block C, Jackson Square
>>>>> Singapore 319579
>>>>>
>>>>> Toppan Ecquaria Pte. Ltd.
>>>>> Company Registration No: 199806305H
>>>>>
>>>>> www.toppanecquaria.com
>>>>>
>>>>> https://www.linkedin.com/company/toppan-ecquaria/
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> STRICTLY CONFIDENTIAL - This message, its contents and any files
>>>>> transmitted with it are intended SOLELY for the addressee(s) and may be
>>>>> legally privileged and/or confidential. Access by any other party is
>>>>> unauthorised without the expressed written permission of the sender. If
>>>> you
>>>>> have received this message in error, you may not copy or use the
>>>> contents,
>>>>> attachments or information in any way. Please destroy it and contact us
>>>>> immediately via e-mail return or by telephone at (65) 68372822. This
>>>>> message has been prepared using information believed by the author to
>> be
>>>>> reliable and accurate, but Toppan Ecquaria Pte. Ltd. and the Toppan
>> Group
>>>>> of Companies ("Toppan") makes no warranty as to its accuracy or
>>>>> completeness. Toppan does not accept responsibility for changes made to
>>>>> this message after it was sent.
>>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>>
>>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Apache Tomcat 8.5.82 Release Date
Posted by "Wai Siang, Chu" <wa...@toppanecquaria.com>.
Dear Apache Tomcat Team,
Based on the previous email reply,
may we have an update regarding the estimated release date for the *Apache
Tomcat 8.5.82* ?
Thank you.
Regards,
Wai Siang
D: -
M: (65) 9821 0409
T: (65) 6837 2822
F: (65) 6756 3839
E : waisiang@toppanecquaria.com
11 Toa Payoh Lorong 3
#02-31 Block C, Jackson Square
Singapore 319579
Toppan Ecquaria Pte. Ltd.
Company Registration No: 199806305H
www.toppanecquaria.com
https://www.linkedin.com/company/toppan-ecquaria/
STRICTLY CONFIDENTIAL - This message, its contents and any files
transmitted with it are intended SOLELY for the addressee(s) and may be
legally privileged and/or confidential. Access by any other party is
unauthorised without the expressed written permission of the sender. If you
have received this message in error, you may not copy or use the contents,
attachments or information in any way. Please destroy it and contact us
immediately via e-mail return or by telephone at (65) 68372822. This
message has been prepared using information believed by the author to be
reliable and accurate, but Toppan Ecquaria Pte. Ltd. and the Toppan Group
of Companies ("Toppan") makes no warranty as to its accuracy or
completeness. Toppan does not accept responsibility for changes made to
this message after it was sent.
On Tue, Jul 26, 2022 at 10:46 PM Christopher Schultz <
chris@christopherschultz.net> wrote:
> Wai Siang,
>
> On 7/26/22 00:13, Wai Siang, Chu wrote:
> > Based on the previous email reply,
> > may we have an update regarding the estimated release date for the
> *Apache
> > Tomcat 8.5.82* ?
>
> I expect to begin the release process around 1 August (6 days from today).
>
> Please note that upgrading to Tomcat 8.5.82 once it is available should
> not provide any actual security protections in a production environment.
> If you have deployed the "examples" web application into production then
> you are already making a mistake, security-wise. Simply removing the
> application entirely mitigates the threat.
>
> -chris
>
> > On Wed, Jul 13, 2022 at 6:00 PM Mark Thomas <ma...@apache.org> wrote:
> >
> >> On 13/07/2022 10:46, Wai Siang, Chu wrote:
> >>> Dear Apache Tomcat Team,
> >>>
> >>> We are aware there is a vulnerability found in the latest 8.5.xx
> version.
> >>>
> >>> *Low: Apache Tomcat XSS in examples web application* CVE-2022-34305
> >>> <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34305>
> >>>
> >>> Hence, may we check is there an estimated timeline for the *Apache
> Tomcat
> >>> 8.5.82* release date?
> >>
> >> Why?
> >>
> >> Have you reviewed the vulnerability? It is a XSS in the examples app.
> >> The examples app should never be deployed in a production environment.
> >> Hence this vulnerability should be a non-issue for (nearly?) all users.
> >>
> >> Like all currently supported Tomcat versions, 8.5.x is released on a
> >> roughly monthly cycle. The July release for 8.5.x hasn't started yet so
> >> I'd expect the release later this month.
> >>
> >> If you want to follow release planning more closely, then that is
> >> discussed on the dev list.
> >>
> >> Mark
> >>
> >>
> >>>
> >>>
> >>> Thank you.
> >>>
> >>> Regards,
> >>> Wai Siang
> >>>
> >>> D: -
> >>> M: (65) 9821 0409
> >>> T: (65) 6837 2822
> >>> F: (65) 6756 3839
> >>> E : waisiang@toppanecquaria.com
> >>>
> >>> 11 Toa Payoh Lorong 3
> >>> #02-31 Block C, Jackson Square
> >>> Singapore 319579
> >>>
> >>> Toppan Ecquaria Pte. Ltd.
> >>> Company Registration No: 199806305H
> >>>
> >>> www.toppanecquaria.com
> >>>
> >>> https://www.linkedin.com/company/toppan-ecquaria/
> >>>
> >>>
> >>>
> >>>
> >>> STRICTLY CONFIDENTIAL - This message, its contents and any files
> >>> transmitted with it are intended SOLELY for the addressee(s) and may be
> >>> legally privileged and/or confidential. Access by any other party is
> >>> unauthorised without the expressed written permission of the sender. If
> >> you
> >>> have received this message in error, you may not copy or use the
> >> contents,
> >>> attachments or information in any way. Please destroy it and contact us
> >>> immediately via e-mail return or by telephone at (65) 68372822. This
> >>> message has been prepared using information believed by the author to
> be
> >>> reliable and accurate, but Toppan Ecquaria Pte. Ltd. and the Toppan
> Group
> >>> of Companies ("Toppan") makes no warranty as to its accuracy or
> >>> completeness. Toppan does not accept responsibility for changes made to
> >>> this message after it was sent.
> >>>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >> For additional commands, e-mail: users-help@tomcat.apache.org
> >>
> >>
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
Re: Apache Tomcat 8.5.82 Release Date
Posted by Christopher Schultz <ch...@christopherschultz.net>.
Wai Siang,
On 7/26/22 00:13, Wai Siang, Chu wrote:
> Based on the previous email reply,
> may we have an update regarding the estimated release date for the *Apache
> Tomcat 8.5.82* ?
I expect to begin the release process around 1 August (6 days from today).
Please note that upgrading to Tomcat 8.5.82 once it is available should
not provide any actual security protections in a production environment.
If you have deployed the "examples" web application into production then
you are already making a mistake, security-wise. Simply removing the
application entirely mitigates the threat.
-chris
> On Wed, Jul 13, 2022 at 6:00 PM Mark Thomas <ma...@apache.org> wrote:
>
>> On 13/07/2022 10:46, Wai Siang, Chu wrote:
>>> Dear Apache Tomcat Team,
>>>
>>> We are aware there is a vulnerability found in the latest 8.5.xx version.
>>>
>>> *Low: Apache Tomcat XSS in examples web application* CVE-2022-34305
>>> <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34305>
>>>
>>> Hence, may we check is there an estimated timeline for the *Apache Tomcat
>>> 8.5.82* release date?
>>
>> Why?
>>
>> Have you reviewed the vulnerability? It is a XSS in the examples app.
>> The examples app should never be deployed in a production environment.
>> Hence this vulnerability should be a non-issue for (nearly?) all users.
>>
>> Like all currently supported Tomcat versions, 8.5.x is released on a
>> roughly monthly cycle. The July release for 8.5.x hasn't started yet so
>> I'd expect the release later this month.
>>
>> If you want to follow release planning more closely, then that is
>> discussed on the dev list.
>>
>> Mark
>>
>>
>>>
>>>
>>> Thank you.
>>>
>>> Regards,
>>> Wai Siang
>>>
>>> D: -
>>> M: (65) 9821 0409
>>> T: (65) 6837 2822
>>> F: (65) 6756 3839
>>> E : waisiang@toppanecquaria.com
>>>
>>> 11 Toa Payoh Lorong 3
>>> #02-31 Block C, Jackson Square
>>> Singapore 319579
>>>
>>> Toppan Ecquaria Pte. Ltd.
>>> Company Registration No: 199806305H
>>>
>>> www.toppanecquaria.com
>>>
>>> https://www.linkedin.com/company/toppan-ecquaria/
>>>
>>>
>>>
>>>
>>> STRICTLY CONFIDENTIAL - This message, its contents and any files
>>> transmitted with it are intended SOLELY for the addressee(s) and may be
>>> legally privileged and/or confidential. Access by any other party is
>>> unauthorised without the expressed written permission of the sender. If
>> you
>>> have received this message in error, you may not copy or use the
>> contents,
>>> attachments or information in any way. Please destroy it and contact us
>>> immediately via e-mail return or by telephone at (65) 68372822. This
>>> message has been prepared using information believed by the author to be
>>> reliable and accurate, but Toppan Ecquaria Pte. Ltd. and the Toppan Group
>>> of Companies ("Toppan") makes no warranty as to its accuracy or
>>> completeness. Toppan does not accept responsibility for changes made to
>>> this message after it was sent.
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Apache Tomcat 8.5.82 Release Date
Posted by "Wai Siang, Chu" <wa...@toppanecquaria.com>.
Dear Apache Tomcat Team,
Based on the previous email reply,
may we have an update regarding the estimated release date for the *Apache
Tomcat 8.5.82* ?
Thank you.
Regards,
Wai Siang
D: -
M: (65) 9821 0409
T: (65) 6837 2822
F: (65) 6756 3839
E : waisiang@toppanecquaria.com
11 Toa Payoh Lorong 3
#02-31 Block C, Jackson Square
Singapore 319579
Toppan Ecquaria Pte. Ltd.
Company Registration No: 199806305H
www.toppanecquaria.com
https://www.linkedin.com/company/toppan-ecquaria/
STRICTLY CONFIDENTIAL - This message, its contents and any files
transmitted with it are intended SOLELY for the addressee(s) and may be
legally privileged and/or confidential. Access by any other party is
unauthorised without the expressed written permission of the sender. If you
have received this message in error, you may not copy or use the contents,
attachments or information in any way. Please destroy it and contact us
immediately via e-mail return or by telephone at (65) 68372822. This
message has been prepared using information believed by the author to be
reliable and accurate, but Toppan Ecquaria Pte. Ltd. and the Toppan Group
of Companies ("Toppan") makes no warranty as to its accuracy or
completeness. Toppan does not accept responsibility for changes made to
this message after it was sent.
On Wed, Jul 13, 2022 at 6:00 PM Mark Thomas <ma...@apache.org> wrote:
> On 13/07/2022 10:46, Wai Siang, Chu wrote:
> > Dear Apache Tomcat Team,
> >
> > We are aware there is a vulnerability found in the latest 8.5.xx version.
> >
> > *Low: Apache Tomcat XSS in examples web application* CVE-2022-34305
> > <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34305>
> >
> > Hence, may we check is there an estimated timeline for the *Apache Tomcat
> > 8.5.82* release date?
>
> Why?
>
> Have you reviewed the vulnerability? It is a XSS in the examples app.
> The examples app should never be deployed in a production environment.
> Hence this vulnerability should be a non-issue for (nearly?) all users.
>
> Like all currently supported Tomcat versions, 8.5.x is released on a
> roughly monthly cycle. The July release for 8.5.x hasn't started yet so
> I'd expect the release later this month.
>
> If you want to follow release planning more closely, then that is
> discussed on the dev list.
>
> Mark
>
>
> >
> >
> > Thank you.
> >
> > Regards,
> > Wai Siang
> >
> > D: -
> > M: (65) 9821 0409
> > T: (65) 6837 2822
> > F: (65) 6756 3839
> > E : waisiang@toppanecquaria.com
> >
> > 11 Toa Payoh Lorong 3
> > #02-31 Block C, Jackson Square
> > Singapore 319579
> >
> > Toppan Ecquaria Pte. Ltd.
> > Company Registration No: 199806305H
> >
> > www.toppanecquaria.com
> >
> > https://www.linkedin.com/company/toppan-ecquaria/
> >
> >
> >
> >
> > STRICTLY CONFIDENTIAL - This message, its contents and any files
> > transmitted with it are intended SOLELY for the addressee(s) and may be
> > legally privileged and/or confidential. Access by any other party is
> > unauthorised without the expressed written permission of the sender. If
> you
> > have received this message in error, you may not copy or use the
> contents,
> > attachments or information in any way. Please destroy it and contact us
> > immediately via e-mail return or by telephone at (65) 68372822. This
> > message has been prepared using information believed by the author to be
> > reliable and accurate, but Toppan Ecquaria Pte. Ltd. and the Toppan Group
> > of Companies ("Toppan") makes no warranty as to its accuracy or
> > completeness. Toppan does not accept responsibility for changes made to
> > this message after it was sent.
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
Re: Apache Tomcat 8.5.82 Release Date
Posted by Mark Thomas <ma...@apache.org>.
On 13/07/2022 10:46, Wai Siang, Chu wrote:
> Dear Apache Tomcat Team,
>
> We are aware there is a vulnerability found in the latest 8.5.xx version.
>
> *Low: Apache Tomcat XSS in examples web application* CVE-2022-34305
> <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34305>
>
> Hence, may we check is there an estimated timeline for the *Apache Tomcat
> 8.5.82* release date?
Why?
Have you reviewed the vulnerability? It is a XSS in the examples app.
The examples app should never be deployed in a production environment.
Hence this vulnerability should be a non-issue for (nearly?) all users.
Like all currently supported Tomcat versions, 8.5.x is released on a
roughly monthly cycle. The July release for 8.5.x hasn't started yet so
I'd expect the release later this month.
If you want to follow release planning more closely, then that is
discussed on the dev list.
Mark
>
>
> Thank you.
>
> Regards,
> Wai Siang
>
> D: -
> M: (65) 9821 0409
> T: (65) 6837 2822
> F: (65) 6756 3839
> E : waisiang@toppanecquaria.com
>
> 11 Toa Payoh Lorong 3
> #02-31 Block C, Jackson Square
> Singapore 319579
>
> Toppan Ecquaria Pte. Ltd.
> Company Registration No: 199806305H
>
> www.toppanecquaria.com
>
> https://www.linkedin.com/company/toppan-ecquaria/
>
>
>
>
> STRICTLY CONFIDENTIAL - This message, its contents and any files
> transmitted with it are intended SOLELY for the addressee(s) and may be
> legally privileged and/or confidential. Access by any other party is
> unauthorised without the expressed written permission of the sender. If you
> have received this message in error, you may not copy or use the contents,
> attachments or information in any way. Please destroy it and contact us
> immediately via e-mail return or by telephone at (65) 68372822. This
> message has been prepared using information believed by the author to be
> reliable and accurate, but Toppan Ecquaria Pte. Ltd. and the Toppan Group
> of Companies ("Toppan") makes no warranty as to its accuracy or
> completeness. Toppan does not accept responsibility for changes made to
> this message after it was sent.
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org