Hello, 2017-10-04 4:52 GMT+03:00 Caldarale, Charles R <chuck.caldar...@unisys.com>: > > > From: Baron Fujimoto [mailto:ba...@hawaii.edu] > > Subject: Re: [SECURITY] CVE-2017-12617 Apache Tomcat Remote Code Execution > via JSP upload > > > I haven't seen an announcement for 8.0.47, nor does the Apache Tomcat > > website seem to reference it yet, but it appears to be available in the > > distribution archive(s). E.g.: > > > <http://archive.apache.org/dist/tomcat/tomcat-8/v8.0.47/bin/> > > > Is this 8.0.47 blessed for use? > > Pretty much - the voting process completed over the weekend (it passed), but > the announcement isn't made until the mirrors all catch up. Should be fine > to use from the archive.
The Tomcat site was updated with information about version 8.0.47. Announcement also was sent. Regards, Violeta
