[ https://issues.apache.org/jira/browse/HBASE-29650?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Istvan Toth resolved HBASE-29650.
---------------------------------
Fix Version/s: 2.7.0, 3.0.0-beta-2, 2.6.4, 2.5.13
Resolution: Fixed
Committed to all active branches.
Thanks for the review [~zhangduo].
> Upgrade tomcat-jasper to 9.0.110
> --------------------------------
>
> Key: HBASE-29650
> URL: https://issues.apache.org/jira/browse/HBASE-29650
> Project: HBase
> Issue Type: Improvement
> Components: UI
> Reporter: Istvan Toth
> Assignee: Istvan Toth
> Priority: Major
> Labels: pull-request-available
> Fix For: 2.7.0, 3.0.0-beta-2, 2.6.4, 2.5.13
>
>
> There is a CVE for 9.0.107.
> It does not actually affect us (as we only use jasper, not the web server),
> but using the latest won't hurt and will reduce the chances of false
> positives from static scanners etc.
> Branch 3+ was updated to 9.0.107 as part of the Jetty upgrade, branch-2.x is
> still on 9.0.104. We should be able to use the latest 9.0.110 on both.