Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Tomcat version in Crowd 4.2.2?

abbeycode February 17, 2021

We've been made aware of a security vulnerability in Tomcat v8.5.50, which Crowd v4.2.0 (that we're currently using) comes with. Has Tomcat been upgraded if we upgrade Crowd to v4.2.2?

3 answers

1 accepted

0 votes
Answer accepted
Gonchik Tsymzhitov
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
February 18, 2021

Hi @abbeycode , 

Based on release note unfortunately, not yet

https://confluence.atlassian.com/crowd/crowd-4-2-release-notes-1019381976.html

 

Please, share the CVE- and I hope Atlassian security team will check the risks. 

0 votes
abbeycode February 18, 2021

I submitted support tickets to Atlassian for Crowd (with two CVEs) and Jira and Bamboo, with one CVE that wasn't patched until Tomcat v8.5.60.

 

Patched in v8.5.56: CVE-2020-11996

Patched in v8.5.60: CVE-2021-24122

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events