[ https://issues.apache.org/jira/browse/PLUTO-788?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Neil Griffin closed PLUTO-788. ------------------------------ Resolution: Fixed Fixed in commit [9e131d706ba26261b2d0b0605badabdd6fb9cf65|https://github.com/apache/portals-pluto/commit/9e131d706ba26261b2d0b0605badabdd6fb9cf65] > Upgrade to Tomcat 8.5.69 due to multiple CVE issues > --------------------------------------------------- > > Key: PLUTO-788 > URL: https://issues.apache.org/jira/browse/PLUTO-788 > Project: Pluto > Issue Type: Task > Components: build system > Affects Versions: 3.1.0 > Reporter: Neil Griffin > Assignee: Neil Griffin > Priority: Major > Fix For: 3.1.1 > > > This task involves upgrading from Tomcat 8.5.40 to Tomcat 8.5.69 (the latest > release of Tomcat 8.x at the time of this writing) in order to benefit from > security vulnerability fixes found in Tomcat. For more information, see the > [CVE Details for Apache > Tomcat|https://www.cvedetails.com/product/887/Apache-Tomcat.html] as well as > the following issues: > - CVE-2021-30639 Apache Tomcat DoS > - CVE-2021-30640 Apache Tomcat JNDI realm authentication weakness > - CVE-2021-33037 Apache Tomcat HTTP request smuggling -- This message was sent by Atlassian Jira (v8.3.4#803005)