Pushed it earlier, deploying snapshots now: https://github.com/apache/tomee/commit/bdd41eb48076b370c07aaaa386c801049b17fca2
:-)

Cheers
Jon

On Tue, Oct 10, 2017 at 5:56 PM, Alex The Rocker <[email protected]> wrote:
> Hello,
>
> While checking latest TomEE 7.0.5, I noticed that it's based on Tomcat
> 8.5.21.
>
> I recently received the following CVE alert which impacts Tomcat 8.5.x
> until Tomcat 8.5.22:
>
> [SECURITY] CVE-2017-12617 Apache Tomcat Remote Code Execution via JSP
> upload
>
> I see that it is fixed in Tomcat 8.5.23:
> https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.23
>
> Would it be possible to upgrade TomEE 7.0.5 snapshot dependency to
> Tomcat 8.5.23?
>
> Best regards,
> Alexandre
>
