Re: Apache Tomcat 8.5.82 Release Date

[Mark Thomas]

On 13/07/2022 10:46, Wai Siang, Chu wrote:
Dear Apache Tomcat Team,
We are aware there is a vulnerability found in the latest 8.5.xx version.

*Low: Apache Tomcat XSS in examples web application* CVE-2022-34305
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34305>

Hence, may we check is there an estimated timeline for the *Apache Tomcat
8.5.82* release date?

Why?

Have you reviewed the vulnerability? It is a XSS in the examples app. 
The examples app should never be deployed in a production environment. 
Hence this vulnerability should be a non-issue for (nearly?) all users.

Like all currently supported Tomcat versions, 8.5.x is released on a 
roughly monthly cycle. The July release for 8.5.x hasn't started yet so 
I'd expect the release later this month.

If you want to follow release planning more closely, then that is 
discussed on the dev list.

Mark




Thank you.

Regards,
Wai Siang

D: -
M: (65) 9821 0409
T: (65) 6837 2822
F: (65) 6756 3839
E : waisi...@toppanecquaria.com

11 Toa Payoh Lorong 3
#02-31 Block C, Jackson Square
Singapore 319579

Toppan Ecquaria Pte. Ltd.
Company Registration No: 199806305H

www.toppanecquaria.com

https://www.linkedin.com/company/toppan-ecquaria/




STRICTLY CONFIDENTIAL - This message, its contents and any files
transmitted with it are intended SOLELY for the addressee(s) and may be
legally privileged and/or confidential. Access by any other party is
unauthorised without the expressed written permission of the sender. If you
have received this message in error, you may not copy or use the contents,
attachments or information in any way. Please destroy it and contact us
immediately via e-mail return or by telephone at (65) 68372822. This
message has been prepared using information believed by the author to be
reliable and accurate, but Toppan Ecquaria Pte. Ltd. and the Toppan Group
of Companies ("Toppan") makes no warranty as to its accuracy or
completeness. Toppan does not accept responsibility for changes made to
this message after it was sent.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org