[TOMEE-2497] Upgrade Tomcat in TomEE 7.0.x/7.1.x/8.0.x for CVE-2019-0199 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Documentation
Status: Closed
Priority: Major
Resolution: Duplicate
Affects Version/s: 7.0.5, 7.1.0, 8.0.0-M2
Fix Version/s: 7.0.6, 7.1.1, 8.0.0-M3
Component/s: TomEE Core Server
Labels:
None

Description

Hello,

CVE-2019-0199 Apache Tomcat HTTP/2 DoS seems rather easy to exploit, see: https://www.mail-archive.com/dev@tomcat.apache.org/msg132386.html

Would it be possible to upgrade embedded Tomcat to 8.5.38 / 9.0.16 ASAP for snapshot releases of TomEE 7.0.6, TomEE 7.1.1, TomEE 8.x ?

Kind regards,
Alexandre

Attachments

Activity

People

Assignee:: Jonathan Gallimore

Reporter:: Alexandre Vermeerbergen

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 25/Mar/19 12:58

Updated:: 28/May/19 19:16

Resolved:: 28/May/19 19:16