[GitHub] [tomcat-jakartaee-migration] abdulmuqsith commented on issue #23: Vulnerability with Apache Commons Compress v1.20

2021-08-11 Thread GitBox
abdulmuqsith commented on issue #23: URL: https://github.com/apache/tomcat-jakartaee-migration/issues/23#issuecomment-897316898 Vulnerability scanning tools are reporting Tomcat as vulnerable even though this CVE is very unlikely to be exploited. Any plans to upgrade Commons Compress?

[GitHub] [tomcat-jakartaee-migration] ebourg commented on issue #23: Vulnerability with Apache Commons Compress v1.20

2021-08-11 Thread GitBox
ebourg commented on issue #23: URL: https://github.com/apache/tomcat-jakartaee-migration/issues/23#issuecomment-897111748 Very vaguely relevant, the tool would have to be used on an untrusted war, but that's not really the use case intended. -- This is an automated message from the

[GitHub] [tomcat] michael-o commented on a change in pull request #444: Delegate check for preemptive authentication from AuthenticatorBase to affected Authenticators

2021-08-11 Thread GitBox
michael-o commented on a change in pull request #444: URL: https://github.com/apache/tomcat/pull/444#discussion_r687092579 ## File path: java/org/apache/catalina/authenticator/SSLAuthenticator.java ## @@ -104,7 +104,7 @@ protected String getAuthMethod() { }

[GitHub] [tomcat-jakartaee-migration] markt-asf commented on issue #23: Vulnerability with Apache Commons Compress v1.20

2021-08-11 Thread GitBox
markt-asf commented on issue #23: URL: https://github.com/apache/tomcat-jakartaee-migration/issues/23#issuecomment-897054343 Relevant how? How does an attacker exploit this?

[GitHub] [tomcat] rrodewald commented on a change in pull request #444: Delegate check for preemptive authentication from AuthenticatorBase to affected Authenticators

2021-08-11 Thread GitBox
rrodewald commented on a change in pull request #444: URL: https://github.com/apache/tomcat/pull/444#discussion_r687058556 ## File path: java/org/apache/catalina/authenticator/SSLAuthenticator.java ## @@ -104,7 +104,7 @@ protected String getAuthMethod() { }

[GitHub] [tomcat-jakartaee-migration] ebourg commented on issue #23: Vulnerability with Apache Commons Compress v1.20

2021-08-11 Thread GitBox
ebourg commented on issue #23: URL: https://github.com/apache/tomcat-jakartaee-migration/issues/23#issuecomment-897000783 Only CVE-2021-36090 is relevant here, we only use the zip archive implementation of Commons Compress.

Re: [VOTE] Release Apache Tomcat 8.5.70

2021-08-11 Thread Konstantin Kolinko
Mon, 9 Aug 2021 at 23:05, Mark Thomas : > > The proposed Apache Tomcat 8.5.70 release is now available for voting. > > Chris was having some difficulties before the weekend getting the > release to build. He hasn't had time to get to the bottom of these > issues and time is ticking on so I took

[GitHub] [tomcat-jakartaee-migration] abdulmuqsith opened a new issue #23: Vulnerability with Apache Commons Compress v1.20

2021-08-11 Thread GitBox
abdulmuqsith opened a new issue #23: URL: https://github.com/apache/tomcat-jakartaee-migration/issues/23 The Apache Commons Compress v1.20 library included in this library has the following CVEs associated:   | Identifier | Published | Overall Score -- | -- | -- | --

Re: openssl-3.0.0 test failures with 9.0.x (I have not checked the other branches)

2021-08-11 Thread jean-frederic clere
On 10/08/2021 14:02, jean-frederic clere wrote: Hi, I have the following failure with ant test:    [concat] TEST-org.apache.tomcat.util.net.TestSSLHostConfigCompat.APR.txt    [concat] TEST-org.apache.tomcat.util.net.TestSSLHostConfigCompat.NIO.txt    [concat]

[GitHub] [tomcat] michael-o commented on a change in pull request #444: Delegate check for preemptive authentication from AuthenticatorBase to affected Authenticators

2021-08-11 Thread GitBox
michael-o commented on a change in pull request #444: URL: https://github.com/apache/tomcat/pull/444#discussion_r686570618 ## File path: java/org/apache/catalina/authenticator/SSLAuthenticator.java ## @@ -104,7 +104,7 @@ protected String getAuthMethod() { }