[jira] [Closed] (PLUTO-788) Upgrade to Tomcat 8.5.69 due to multiple CVE issues

Neil Griffin (Jira) Tue, 13 Jul 2021 15:55:06 -0700


     [ 
https://issues.apache.org/jira/browse/PLUTO-788?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Neil Griffin closed PLUTO-788.
------------------------------
    Resolution: Fixed

Fixed in commit 
[9e131d706ba26261b2d0b0605badabdd6fb9cf65|https://github.com/apache/portals-pluto/commit/9e131d706ba26261b2d0b0605badabdd6fb9cf65]

> Upgrade to Tomcat 8.5.69 due to multiple CVE issues
> ---------------------------------------------------
>
>                 Key: PLUTO-788
>                 URL: https://issues.apache.org/jira/browse/PLUTO-788
>             Project: Pluto
>          Issue Type: Task
>          Components: build system
>    Affects Versions: 3.1.0
>            Reporter: Neil Griffin
>            Assignee: Neil Griffin
>            Priority: Major
>             Fix For: 3.1.1
>
>
> This task involves upgrading from Tomcat 8.5.40 to Tomcat 8.5.69 (the latest 
> release of Tomcat 8.x at the time of this writing) in order to benefit from 
> security vulnerability fixes found in Tomcat. For more information, see the 
> [CVE Details for Apache 
> Tomcat|https://www.cvedetails.com/product/887/Apache-Tomcat.html] as well as 
> the following issues:
> - CVE-2021-30639 Apache Tomcat DoS
> - CVE-2021-30640 Apache Tomcat JNDI realm authentication weakness
> - CVE-2021-33037 Apache Tomcat HTTP request smuggling



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Closed] (PLUTO-788) Upgrade to Tomcat 8.5.69 due to multiple CVE issues

Reply via email to