Hello,
We have several tomcat instances that use a single CATALINA_HOME which
is a symlink for a specific version. The Tomcat instance we use is
very barebones and doesn't have any of the apps that come with it.
For example,
The CATALINA_HOME points to a symlink
17 Oct 2023 18:51:06 Donal Anglin :
No, only 8.x and 9.x.
The question was retorical. I wrote the official announcement.
I assume that Sonatype has done some investigation though.
Do you have any additional context I can share with them to inform
their
decision?
The onus is on Sonatype
No, only 8.x and 9.x.
I assume that Sonatype has done some investigation though.
Do you have any additional context I can share with them to inform their
decision?
*Donal Anglin*
On Tue, Oct 17, 2023 at 6:23 PM Mark Thomas wrote:
> 17 Oct 2023 16:51:38 Donal Anglin :
>
> > Hey all,
> >
> >
17 Oct 2023 16:51:38 Donal Anglin :
Hey all,
Sonatype are of the opinion that CVE-2023-42794 is also applicable to
the
10.x and 11.x streams of Tomcat and issued the notice:
The Sonatype Security Research team discovered that this vulnerability
is
also present and remains unfixed in the
Hey all,
Sonatype are of the opinion that CVE-2023-42794 is also applicable to the
10.x and 11.x streams of Tomcat and issued the notice:
The Sonatype Security Research team discovered that this vulnerability is
also present and remains unfixed in the 10.x and 11.x branches of Apache
Tomcat.
I
We are running 9.0.78 on RHEL 7. During our monthly patch and reboot cycle one
the Tomcat running on one system failed to restart. The error said that there
was a running version of Tomcat with a low PID number. Just rerunning the start
“systemctl start tomcat” solved the issue. We use the
Thanks, Christopher, for looking into this issue.
Tomcat version:
Server version: Apache Tomcat/9.0.74
Server built: Apr 13, 2023 08:10:39 UTC
Server number: 9.0.74.0
We became aware of this issue a few days ago when it was reported by a
customer due to a critical internal API failure, where