You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.
View groupJoin the community to find out what other Atlassian users are discussing, debating and creating.
We've been made aware of a security vulnerability in Tomcat v8.5.50, which Crowd v4.2.0 (that we're currently using) comes with. Has Tomcat been upgraded if we upgrade Crowd to v4.2.2?
Hi @abbeycode ,
Based on release note unfortunately, not yet
https://confluence.atlassian.com/crowd/crowd-4-2-release-notes-1019381976.html
Please, share the CVE- and I hope Atlassian security team will check the risks.
I submitted support tickets to Atlassian for Crowd (with two CVEs) and Jira and Bamboo, with one CVE that wasn't patched until Tomcat v8.5.60.
Patched in v8.5.56: CVE-2020-11996
Patched in v8.5.60: CVE-2021-24122
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Community! We're thrilled to share that Team Calendars for Confluence is now a built-in feature for Confluence Data Center releases 7.11 and beyond. A long time favorite, Team Cale...
Connect with like-minded Atlassian users at free events near you!
Find an eventConnect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.
Host an eventYou're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.