Jira 8.13.9 LTSR includes Apache Tomcat 8.5.65.
Apache Tomcat 8.5.65 is subject to CVE-2021-30640.
Apache Tomcat 8.5.65 is subject to CVE-2021-33037.
CVE-2021-30640 & CVE-2021-33037 - https://tomcat.apache.org/security-8.html#Apache_Tomcat_8.x_vulnerabilities
Finding the Bundled Tomcat Version Per JIRA Release - https://confluence.atlassian.com/jirakb/finding-the-bundled-tomcat-version-per-jira-release-779291457.html
Hi @Russell Berry,
It seems that to tackle CVE-2021-33037, the recommendation is to upgrade Tomcat manually, as described here:
https://jira.atlassian.com/browse/JRASERVER-72609
I couldn't find a reference for CVE-2021-30640,
Thanks for your help. I searched for the CVE IDs and didn't get any hits but I see them come up now.