Posted to pluto-dev@portals.apache.org by "Neil Griffin (Jira)" <ji...@apache.org> on 2021/07/13 22:55:00 UTC

[jira] [Closed] (PLUTO-788) Upgrade to Tomcat 8.5.69 due to multiple CVE issues

     [ https://issues.apache.org/jira/browse/PLUTO-788?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Neil Griffin closed PLUTO-788.
------------------------------
    Resolution: Fixed

Fixed in commit [9e131d706ba26261b2d0b0605badabdd6fb9cf65|https://github.com/apache/portals-pluto/commit/9e131d706ba26261b2d0b0605badabdd6fb9cf65]

> Upgrade to Tomcat 8.5.69 due to multiple CVE issues
> ---------------------------------------------------
>
>                 Key: PLUTO-788
>                 URL: https://issues.apache.org/jira/browse/PLUTO-788
>             Project: Pluto
>          Issue Type: Task
>          Components: build system
>    Affects Versions: 3.1.0
>            Reporter: Neil Griffin
>            Assignee: Neil Griffin
>            Priority: Major
>             Fix For: 3.1.1
>
>
> This task involves upgrading from Tomcat 8.5.40 to Tomcat 8.5.69 (the latest release of Tomcat 8.x at the time of this writing) in order to benefit from security vulnerability fixes found in Tomcat. For more information, see the [CVE Details for Apache Tomcat|https://www.cvedetails.com/product/887/Apache-Tomcat.html] as well as the following issues:
> - CVE-2021-30639 Apache Tomcat DoS
> - CVE-2021-30640 Apache Tomcat JNDI realm authentication weakness
> - CVE-2021-33037 Apache Tomcat HTTP request smuggling



--
This message was sent by Atlassian Jira
(v8.3.4#803005)