After updating the Tomcat version from 9.0.54 to 9.0.80 still facing the CVE-2020-1938 error
then disabling port 8009 still facing the CVE-2020-1938 error <Connector port=”8009″ protocol=”AJP/1.3″ redirectPort=”8080″ address=”YOUR_TOMCAT_IP_ADDRESS” requiredSecret=”YOUR_TOMCAT_AJP_SECRET” /> -- should i configure proxy may be solve this issue ? Thanks & Regards Nithin ---- On Tue, 10 Oct 2023 16:27:46 +0530 Deepak Dixit <dee...@apache.org> wrote --- Hi Nitin, You can update the dependencies in build.gradle file https://github.com/apache/ofbiz-framework/blob/release18.12/build.gradle#L212 Please refer below commit for reference. https://github.com/apache/ofbiz-framework/commit/2bde518c6b0c85f7ed228806ff6bb25ed8ca81af Thanks & Regards -- Deepak Dixit ofbiz.apache.org On Tue, Oct 10, 2023 at 3:08 PM Nithin P <mailto:nithi...@yobitel.com> wrote: > Hi, All > I'm trying to create a docker image of Apache OFBiz image V18.12.06, > after trying to scan the image, and got two errors Does anyone know how to > upgrade the Tomcat version in Apache OFBiz or how to upgrade the Tomcat > version on dependencies in the build.Gradle? I am grateful for your kind > assistance and guidance > > > > ---- On Mon, 09 Oct 2023 13:50:15 +0530 *Nithin P > <mailto:nithi...@yobitel.com > <mailto:nithi...@yobitel.com>>* wrote --- > > Hi, Everyone > while trying to create a Docker image using Apache OFBiz V18.12.06 > image after successfully created image and faced a CVE-2020-1938 issue > while scanning > Does anyone know how to solve this I am grateful for your kind assistance > and guidance. > > > Best regards - Nithin.P > > > *This message contains confidential information and is intended only for > the individual named. If you are not the named addressee you should not > disseminate, distribute or copy this e-mail. You cannot use or forward any > attachments in the email. Please notify the sender immediately by e-mail if > you have received this e-mail by mistake and delete this e-mail from your > system. Finally, the opinions disclosed by the sender do not have to > reflect those of the company, therefore the company refuses to take any > liability for the damage caused by the content of this email. Yobitel > Communications Limited, #11, Kingsley Mews, Ley Street, Ilford, London - > IG1 4BT, United Kingdom. www.yobitel.com <http://www.company.com>* > > > > > *This message contains confidential information and is intended only for > the individual named. If you are not the named addressee you should not > disseminate, distribute or copy this e-mail. You cannot use or forward any > attachments in the email. Please notify the sender immediately by e-mail if > you have received this e-mail by mistake and delete this e-mail from your > system. Finally, the opinions disclosed by the sender do not have to > reflect those of the company, therefore the company refuses to take any > liability for the damage caused by the content of this email. Yobitel > Communications Limited, #11, Kingsley Mews, Ley Street, Ilford, London - > IG1 4BT, United Kingdom. www.yobitel.com <http://www.company.com>* > This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. You cannot use or forward any attachments in the email. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. Finally, the opinions disclosed by the sender do not have to reflect those of the company, therefore the company refuses to take any liability for the damage caused by the content of this email. Yobitel Communications Limited, #11, Kingsley Mews, Ley Street, Ilford, London - IG1 4BT, United Kingdom. www.yobitel.com