To clarify a bit more:
Feel free to provide a PR backporting the required changes (may also be
relevant for bouncycastle). We have recently updated our download page and now
explicitly state:
"SECURITY NOTICE: This software is developed and maintained by unpaid
volunteers who donate time as
Hello,
most likely yes (haven't checked in detail).
Personally, I'm not going to port anything back to TomEE 9.x as I'm currently
focused on 10.x work. However, I am available to review any community driven
patches/initiatives via PRs targeting tomee-9.x branch.
Best regards
Richard
On 2024/0
THALES GROUP LIMITED DISTRIBUTION to email recipients
Hello everyone,
TomEE 9.1.3 is based on Tomcat 10.0.27.
So the question is: Is TomEE 9.1.3 vulnerable to this CVE ?
If the answer is yes, will you provide a fix for Tomcat 10.0.27 which is not
maintained anymore ? and so will you release a ne