[
https://issues.apache.org/jira/browse/PLUTO-788?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Neil Griffin closed PLUTO-788.
------------------------------
Resolution: Fixed
Fixed in commit
[9e131d706ba26261b2d0b0605badabdd6fb9cf65|https://github.com/apache/portals-pluto/commit/9e131d706ba26261b2d0b0605badabdd6fb9cf65]
> Upgrade to Tomcat 8.5.69 due to multiple CVE issues
> ---------------------------------------------------
>
> Key: PLUTO-788
> URL: https://issues.apache.org/jira/browse/PLUTO-788
> Project: Pluto
> Issue Type: Task
> Components: build system
> Affects Versions: 3.1.0
> Reporter: Neil Griffin
> Assignee: Neil Griffin
> Priority: Major
> Fix For: 3.1.1
>
>
> This task involves upgrading from Tomcat 8.5.40 to Tomcat 8.5.69 (the latest
> release of Tomcat 8.x at the time of this writing) in order to benefit from
> security vulnerability fixes found in Tomcat. For more information, see the
> [CVE Details for Apache
> Tomcat|https://www.cvedetails.com/product/887/Apache-Tomcat.html] as well as
> the following issues:
> - CVE-2021-30639 Apache Tomcat DoS
> - CVE-2021-30640 Apache Tomcat JNDI realm authentication weakness
> - CVE-2021-33037 Apache Tomcat HTTP request smuggling
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
