Re: [IE] Re: CVE-2023-42794 on 10.1.x

2023-10-17 Thread Mark Thomas
17 Oct 2023 18:51:06 Donal Anglin : No, only 8.x and 9.x. The question was rhetorical. I wrote the official announcement. I assume that Sonatype has done some investigation though. Do you have any additional context I can share with them to inform their decision? The onus is on Sonatype t

Re: [IE] Re: CVE-2023-42794 on 10.1.x

2023-10-17 Thread Donal Anglin
No, only 8.x and 9.x. I assume that Sonatype has done some investigation though. Do you have any additional context I can share with them to inform their decision? *Donal Anglin* On Tue, Oct 17, 2023 at 6:23 PM Mark Thomas wrote: > 17 Oct 2023 16:51:38 Donal Anglin : > > > Hey all, > > > > Sona

Re: CVE-2023-42794 on 10.1.x

2023-10-17 Thread Mark Thomas
17 Oct 2023 16:51:38 Donal Anglin : Hey all, Sonatype are of the opinion that CVE-2023-42794 is also applicable to the 10.x and 11.x streams of Tomcat and issued the notice: The Sonatype Security Research team discovered that this vulnerability is also present and remains unfixed in the 10.x

CVE-2023-42794 on 10.1.x

2023-10-17 Thread Donal Anglin
Hey all, Sonatype are of the opinion that CVE-2023-42794 is also applicable to the 10.x and 11.x streams of Tomcat and issued the notice: The Sonatype Security Research team discovered that this vulnerability is also present and remains unfixed in the 10.x and 11.x branches of Apache Tomcat. I as