Posted to commits@tomee.apache.org by "Richard Zowalla (Jira)" <ji...@apache.org> on 2021/05/22 17:34:00 UTC

[jira] [Closed] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)

     [ https://issues.apache.org/jira/browse/TOMEE-2909?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Richard Zowalla closed TOMEE-2909.
----------------------------------
    Fix Version/s: 7.0.9
       Resolution: Fixed

7.0.9 was released in October 2020. The links were updated. Thus, I am closing this issue now.

> Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)
> ---------------------------------------------------------------------
>
>                 Key: TOMEE-2909
>                 URL: https://issues.apache.org/jira/browse/TOMEE-2909
>             Project: TomEE
>          Issue Type: Bug
>            Reporter: Hariprasad tammineni
>            Assignee: Jonathan Gallimore
>            Priority: Major
>             Fix For: 7.0.9
>
>
> TomEE plus (7.0.7) is using Apache Tomcat 8.5.50 version. Can you confirm if TomEE plus (7.0.7) is impacted by [CVE-2020-9484|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9484] or [BDSA-2020-1193|https://blackduck.opentext.net/api/vulnerabilities/BDSA-2020-1193/overview]?
> *Solution* - (Copied from BDSA record)
>  Fixed in [10.0.0.M5|https://github.com/apache/tomcat/releases/tag/10.0.0-M5] by [this|https://github.com/apache/tomcat/commit/bb33048e3f9b4f2b70e4da2e6c4e34ca89023b1b] commit.
> The latest stable releases can be found [here|https://github.com/apache/tomcat/releases].
> [http://tomcat.apache.org/security-10.html]
> h4. Advisories
>  * [http://tomcat.apache.org/security-10.html]
> If impacted, can you please upgrade TOMEE plus (7.0.7) with fixed versions of Tomcat?


