Do the tomcat CVEs: CVE-2021-25329 & CVE-2021-25122 affect Jira 8.16.1?

Srikanth Pinninti May 27, 2021

Per the link for the fix for Tomcat vulnerabilities, the vulnerable versions are 8.16.0 and below, and the fix version is 8.17.0. Does that mean 8.16.1 is also a fix?

https://jira.atlassian.com/browse/JRASERVER-72211?src=confmacro

1 answer

0 votes
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
May 27, 2021

No, the fix version is 8.17, so lower versions will generally not contain the fix (or may not even have the problem)

The exception is the long-term-releases (8.5 and 8.13) - their point releases may get retro-fixes to enable people to stay on them for longer.

Suggest an answer

Log in or Sign up to answer