Neil Griffin created PLUTO-788: ---------------------------------- Summary: Upgrade to Tomcat 8.5.69 due to multiple CVE issues Key: PLUTO-788 URL: https://issues.apache.org/jira/browse/PLUTO-788 Project: Pluto Issue Type: Task Components: build system Affects Versions: 3.1.0 Reporter: Neil Griffin Assignee: Neil Griffin Fix For: 3.1.1
This task involves upgrading from Tomcat 8.5.40 to Tomcat 8.5.69 (the latest release of Tomcat 8.x at the time of this writing) in order to benefit from security vulnerability fixes found in Tomcat. For more information, see the [CVE Details for Apache Tomcat|https://www.cvedetails.com/product/887/Apache-Tomcat.html] as well as the following issues: - CVE-2021-30639 Apache Tomcat DoS - CVE-2021-30640 Apache Tomcat JNDI realm authentication weakness - CVE-2021-33037 Apache Tomcat HTTP request smuggling -- This message was sent by Atlassian Jira (v8.3.4#803005)