Apache Tomcat in JIRA

I am new to JIRA and Open Source Software. We are using Apache Tomcat in our JIRA server and version is 8.5.72.

May I know what is the purpose of using Apache Tomcat server in JIRA?

How do we configure it? is it configured to persist sessions using the FileStore?

May I know how CVE-2022-2318 is affects to Jira system which used Apache tomcat ?

2 answers

1 vote

Atlassian's security team is evaluating CVE-2022-23181, which was released by the Apache foundation four days ago . Apache's initial severity listing on their mailing list is low. The public issue related to Atlassian's investigation for Jira is JRASERVER-73223 , which you can watch for updates.

Cheers,
Daniel

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

0 votes

Hi @Janaki Lenagala

Apache Tomcat is bundled along with Applications (Jira, Confluence, Bitbucket)

Here are version references for the same

https://confluence.atlassian.com/jiracore/bundled-tomcat-and-java-versions-1013854250.html

FAQ regarding the same

https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html

Thanks,
Pramodh

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Thank you for the reply.

CVE-2022-23181 is not listed in the above vulnerability list.

How do we find whether JIRA is vulnerable to CVE-2022-23181 ?

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Forums

Product Q&A

Community resources

Support

Top groups

Community resources

Support

Learn

Community resources

Support

Events

Community resources

Support

Apache Tomcat in JIRA

2 answers

Suggest an answer

Was this helpful?

Thanks!

TAGS

Community showcase

Atlassian Community Events