
Planned fix for Tomcat included in JIRA 8.13.9 LTSR?

Russell Berry
August 2, 2021

Jira 8.13.9 LTSR includes Apache Tomcat 8.5.65.
Apache Tomcat 8.5.65 is subject to CVE-2021-30640.
Apache Tomcat 8.5.65 is subject to CVE-2021-33037.
CVE-2021-30640 & CVE-2021-33037 - https://tomcat.apache.org/security-8.html#Apache_Tomcat_8.x_vulnerabilities
Finding the Bundled Tomcat Version Per JIRA Release - https://confluence.atlassian.com/jirakb/finding-the-bundled-tomcat-version-per-jira-release-779291457.html

Answer accepted
Carlos Garcia Navarro
Community Champion
August 2, 2021

Hi @Russell Berry ,

It seems that to tackle CVE-2021-33037, the recommendation is to upgrade Tomcat manually, as described here:

https://jira.atlassian.com/browse/JRASERVER-72609

I couldn't find a reference for CVE-2021-30640.

Russell Berry
August 3, 2021

Thanks for your help. I searched for the CVE IDs and didn't get any hits, but I see them come up now.
