You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@tomee.apache.org by "Hariprasad tammineni (Jira)" <ji...@apache.org> on 2020/10/13 08:58:00 UTC

[jira] [Created] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)

Hariprasad tammineni created TOMEE-2909:
-------------------------------------------

             Summary: Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)
                 Key: TOMEE-2909
                 URL: https://issues.apache.org/jira/browse/TOMEE-2909
             Project: TomEE
          Issue Type: Bug
            Reporter: Hariprasad tammineni


TomEE plus (7.0.7) is using Apache Tomcat 8.5.50 version. Can you confirm if TomEE plus (7.0.7) is impacted by [CVE-2020-9484|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9484]?

Apache Tomcat(8.5.51) addresses this vulnerability. Is there any scheduled release of TomEE plus(7.0.7) with this component ?
If impacted, can you please upgrade TOMEE plus(7.0.7) with fixed versions of Tomcat.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)