You are viewing a plain text version of this content. The canonical link for it is here.

Posted to pluto-dev@portals.apache.org by "Neil Griffin (Jira)" <ji...@apache.org> on 2021/07/13 22:50:00 UTC

[jira] [Created] (PLUTO-788) Upgrade to Tomcat 8.5.69 due to multiple CVE issues

Neil Griffin created PLUTO-788:
----------------------------------

             Summary: Upgrade to Tomcat 8.5.69 due to multiple CVE issues
                 Key: PLUTO-788
                 URL: https://issues.apache.org/jira/browse/PLUTO-788
             Project: Pluto
          Issue Type: Task
          Components: build system
    Affects Versions: 3.1.0
            Reporter: Neil Griffin
            Assignee: Neil Griffin
             Fix For: 3.1.1


This task involves upgrading from Tomcat 8.5.40 to Tomcat 8.5.69 (the latest release of Tomcat 8.x at the time of this writing) in order to benefit from security vulnerability fixes found in Tomcat. For more information, see the [CVE Details for Apache Tomcat|https://www.cvedetails.com/product/887/Apache-Tomcat.html] as well as the following issues:

- CVE-2021-30639 Apache Tomcat DoS
- CVE-2021-30640 Apache Tomcat JNDI realm authentication weakness
- CVE-2021-33037 Apache Tomcat HTTP request smuggling



--
This message was sent by Atlassian Jira
(v8.3.4#803005)