Heads up! On March 5, starting at 4:30 PM Pacific Time, our community will be undergoing scheduled maintenance for a few hours. During this time, you might find the site temporarily inaccessible. Thanks for your patience. Read more.

×
Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

CVE-2024-56337

Martin Neal March 4, 2025

 

 

Jira v9.12.16 on Redhat 8.10

Atlassian upgrades do not address this Vulnerability\

Upgrade to Apache Tomcat version 9.0.98 or later

/opt/atlassian/jira installed version 9.0.07

 

 

 

 

 

Jira v9.12.16

1 answer

1 vote
Brant Schroeder
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
March 4, 2025

@Martin Neal Atlassian does bundle their product with Apache but you should still be updating it to prevent security vulnerabilities.  If you would like to use a bundle to accomplish this you would need to move to 10.3 or higher.  If you do not want to upgrade because you are on a long-term release you can follow this help document - https://confluence.atlassian.com/jirakb/how-to-upgrade-the-apache-tomcat-version-used-by-jira-server-and-data-center-879957866.html 

As with all production upgrades you should backup your instance or even better make an image of it before performing the upgrade.  I would suggest making an image, performing the upgrade on the image and validating that everything works before making the upgrade in production.

Suggest an answer

Log in or Sign up to answer