Per the link for the fix for Tomcat vulnerabilities, the vulnerable versions are 8.16.0 and below, and the fix version is 8.17.0. Does that mean 8.16.1 is also a fix?
https://jira.atlassian.com/browse/JRASERVER-72211?src=confmacro
No, the fix version is 8.17, so lower versions will generally not contain the fix (or may not even have the problem)
The exception is the long-term-releases (8.5 and 8.13) - their point releases may get retro-fixes to enable people to stay on them for longer.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.