The Atlassian Community can help you and your team get more value out of Atlassian products and practices.
We've been made aware of a security vulnerability in Tomcat v8.5.50, which Crowd v4.2.0 (that we're currently using) comes with. Has Tomcat been upgraded if we upgrade Crowd to v4.2.2?
Hi @abbeycode ,
Based on release note unfortunately, not yet
https://confluence.atlassian.com/crowd/crowd-4-2-release-notes-1019381976.html
Please, share the CVE- and I hope Atlassian security team will check the risks.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I submitted support tickets to Atlassian for Crowd (with two CVEs) and Jira and Bamboo, with one CVE that wasn't patched until Tomcat v8.5.60.
Patched in v8.5.56: CVE-2020-11996
Patched in v8.5.60: CVE-2021-24122
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello everyone, Hope everyone is safe! A few months ago we posted an article sharing all the new articles and documentation that we, the AMER Jira Service Management team created. As mentioned ...
Connect with like-minded Atlassian users at free events near you!
Find an eventConnect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.
Host an eventYou're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.