You are viewing a plain text version of this content. The canonical link for it is here.
Posted to pluto-dev@portals.apache.org by "Neil Griffin (Jira)" <ji...@apache.org> on 2021/07/13 22:50:00 UTC
[jira] [Created] (PLUTO-788) Upgrade to Tomcat 8.5.69 due to
multiple CVE issues
Neil Griffin created PLUTO-788:
----------------------------------
Summary: Upgrade to Tomcat 8.5.69 due to multiple CVE issues
Key: PLUTO-788
URL: https://issues.apache.org/jira/browse/PLUTO-788
Project: Pluto
Issue Type: Task
Components: build system
Affects Versions: 3.1.0
Reporter: Neil Griffin
Assignee: Neil Griffin
Fix For: 3.1.1
This task involves upgrading from Tomcat 8.5.40 to Tomcat 8.5.69 (the latest release of Tomcat 8.x at the time of this writing) in order to benefit from security vulnerability fixes found in Tomcat. For more information, see the [CVE Details for Apache Tomcat|https://www.cvedetails.com/product/887/Apache-Tomcat.html] as well as the following issues:
- CVE-2021-30639 Apache Tomcat DoS
- CVE-2021-30640 Apache Tomcat JNDI realm authentication weakness
- CVE-2021-33037 Apache Tomcat HTTP request smuggling
--
This message was sent by Atlassian Jira
(v8.3.4#803005)