Planned fix for Tomcat included in JIRA 8.13.9 LTSR?

Russell Berry August 2, 2021

Jira 8.13.9 LTSR includes Apache Tomcat 8.5.65.
Apache Tomcat 8.5.65 is subject to CVE-2021-30640
Apache Tomcat 8.5.65 is subject to CVE-2021-33037
CVE-2021-30640 & CVE-2021-33037 - https://tomcat.apache.org/security-8.html#Apache_Tomcat_8.x_vulnerabilities
Finding the Bundled Tomcat Version Per JIRA Release - https://confluence.atlassian.com/jirakb/finding-the-bundled-tomcat-version-per-jira-release-779291457.html

Answer accepted
Carlos Garcia Navarro
Community Leader
August 2, 2021

Hi @Russell Berry,

It seems that to tackle CVE-2021-33037, the recommendation is to upgrade Tomcat manually, as described here:

https://jira.atlassian.com/browse/JRASERVER-72609

I couldn't find a reference for CVE-2021-30640.

Russell Berry August 3, 2021

Thanks for your help. I searched for the CVE IDs and didn't get any hits but I see them come up now.
