You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@guacamole.apache.org by "Sven Gottwald (JIRA)" <ji...@apache.org> on 2017/10/10 05:07:00 UTC
[jira] [Created] (GUACAMOLE-410) Update Apache Tomcat due to
security isses
Sven Gottwald created GUACAMOLE-410:
---------------------------------------
Summary: Update Apache Tomcat due to security isses
Key: GUACAMOLE-410
URL: https://issues.apache.org/jira/browse/GUACAMOLE-410
Project: Guacamole
Issue Type: Improvement
Components: guacamole-docker
Affects Versions: 0.9.13-incubating
Environment: Official guacamole docker image https://hub.docker.com/r/guacamole/guacamole/
Reporter: Sven Gottwald
Priority: Critical
The official guacamole docker image uses tomcat 8.0.20-jre8. This tomcat Version is outdated and contains several security issues (see [Apache Tomcat 8.x vulnerabilities|http://tomcat.apache.org/security-8.html]). The last issue was [CVE-2017-12617|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12617] which allows remote code execution.
Tomcat should be updated to version 8.0.47 ASAP.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)