Planned fix for Tomcat included in JIRA 8.13.9 LTSR?

Jira 8.13.9 LTSR includes Apache Tomcat 8.5.65.
Apache Tomcat 8.5.65 is subject to CVE-2021-30640
Apache Tomcat 8.5.65 is subject to CVE-2021-33037
CVE-2021-30640 & CVE-2021-33037 - https://tomcat.apache.org/security-8.html#Apache_Tomcat_8.x_vulnerabilities
Finding the Bundled Tomcat Version Per JIRA Release - https://confluence.atlassian.com/jirakb/finding-the-bundled-tomcat-version-per-jira-release-779291457.html

1 answer

0 votes

Answer accepted

It seems that to tackle CVE-2021-33037, the recommendation is to upgrade Tomcat manually, as described here:

I couldn't find a reference for CVE-2021-30640,

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Thanks for your help. I searched for the CVE IDs and didn't get any hits but I see them come up now.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.