> On Jul 15, 2024, at 12:24, Jurevich, Aidan > <ajurev...@thorntontomasetti.com.INVALID> wrote: > > My organization has a few devices that have the file tomcat-juli-8.5.57.jar > installed on them via the program Altair and are showing up as vulnerable to > CVE-2019-0232 and CVE-2020-1938, which according to your documentation seems > to be fixed for this version of the file. This seems to be an issue with > Microsoft Defender being unable to read the version of the file. I was just > making sure for our records that this issue has been solved as well as > checking to see if you had any recommendations about how we can get this file > to stop popping up as vulnerable.
Something Chris didn’t mention: Tomcat 8.5.x reached end-of-life on 31 March 2024, so any 3rd-party still using it internally is completely on their own and fully responsible for all support thereof. You really should insist that Altair upgrade their product immediately. - Chuck --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org