Neil Griffin created PLUTO-788:
----------------------------------
Summary: Upgrade to Tomcat 8.5.69 due to multiple CVE issues
Key: PLUTO-788
URL: https://issues.apache.org/jira/browse/PLUTO-788
Project: Pluto
Issue Type: Task
Components: build system
Affects Versions: 3.1.0
Reporter: Neil Griffin
Assignee: Neil Griffin
Fix For: 3.1.1
This task involves upgrading from Tomcat 8.5.40 to Tomcat 8.5.69 (the latest
release of Tomcat 8.x at the time of this writing) in order to benefit from
security vulnerability fixes found in Tomcat. For more information, see the
[CVE Details for Apache
Tomcat|https://www.cvedetails.com/product/887/Apache-Tomcat.html] as well as
the following issues:
- CVE-2021-30639 Apache Tomcat DoS
- CVE-2021-30640 Apache Tomcat JNDI realm authentication weakness
- CVE-2021-33037 Apache Tomcat HTTP request smuggling
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
