  1. TomEE
  2. TOMEE-2497

Upgrade Tomcat in TomEE 7.0.x/7.1.x/8.0.x for CVE-2019-0199

    Details

    • Type: Documentation
    • Status: Closed
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: 7.0.5, 7.1.0, 8.0.0-M2
    • Fix Version/s: 7.0.6, 7.1.1, 8.0.0-M3
    • Component/s: TomEE Core Server
    • Labels:
      None

      Description

      Hello,

      CVE-2019-0199 Apache Tomcat HTTP/2 DoS seems rather easy to exploit, see: https://www.mail-archive.com/dev@tomcat.apache.org/msg132386.html

      Would it be possible to upgrade embedded Tomcat to 8.5.38 / 9.0.16 ASAP for snapshot releases of TomEE 7.0.6, TomEE 7.1.1, TomEE 8.x?

      Kind regards,
      Alexandre

            People

            • Assignee: Jonathan Gallimore (jgallimore)
            • Reporter: Alexandre Vermeerbergen (avermeerbergen)