Martin, On 10/8/20 02:35, Martin Grigorov wrote: > Hi, > > On Thu, Oct 8, 2020 at 9:32 AM Tosh, Bibhuti Bhusan (Bibhuti) < > bt...@avaya.com> wrote: > >> HI All, >> I am an user of tomcat7 version. I wanted to know this version tomcat >> 7.0.105 supports HTTP2 and CVE-2020-11996 is still applicable to tis >> version. I did not any reference of tomcat7 supporting HTTP2 and so asking >> this questions to community. Thanks in advance. >> > > No, HTTP/2 is available in 8.5.+
Notably, CVE-2020-11996 does not claim that Tomcat 7 is affected. CVEs don't usually mention products that have already been EOL'd which is why Tomcat 8.0 (for example) isn't mentioned. But Tomcat 7 is still supported and isn't mentioned in the tracker, therefore it is not vulnerable. -chris --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org