On 01/07/2021 22:24, James H. H. Lampert wrote:

<snip/>

> Also, I've got somebody complaining about CVE-2021-25329. I'm not sure I understand what CVE-2021-25329 is, or what the underlying CVE-2020-9484 is.

If the person complaining about CVE-2021-25329 can't explain (or demonstrate) why it is an issue for your environment (other than to state you are running version X and this CVE is listed against that version) I'd argue that the credibility of their complaint is significantly reduced.

> And
> https://nvd.nist.gov/vuln/detail/CVE-2020-9484
> doesn't exactly help a whole lot: it talks about "PersistenceManager," and I'm not entirely sure what that even *is.*

Have you tried looking in the Tomcat documentation? You want

https://tomcat.apache.org/tomcat-8.5-doc/config/manager.html

It is an alternative session manager that persists session data via a configured Store. There are two Store implementations provided by default - File and DataSource.

You would know if you were using it as it requires explicit configuration.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
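
One way to verify the point made in the reply above, that PersistentManager is only in use when explicitly configured, as an added example (not code from the thread or from the Tomcat project): it parses Tomcat context/server XML and reports every `<Manager>` whose `className` selects PersistentManager, together with its Store. The sample XML is constructed, and the files to scan are whatever paths you pass on the command line.

```python
import sys
import xml.etree.ElementTree as ET

PERSISTENT_MANAGER = "org.apache.catalina.session.PersistentManager"

# Constructed sample: no active <Manager>; the commented-out one must not count.
SAMPLE_DEFAULT = """<Context>
  <WatchedResource>WEB-INF/web.xml</WatchedResource>
  <!-- <Manager className="org.apache.catalina.session.PersistentManager"/> -->
</Context>"""

# Constructed sample: PersistentManager explicitly configured with a file Store.
SAMPLE_PERSISTENT = """<Server><Service><Engine><Host><Context path="/app">
  <Manager className="org.apache.catalina.session.PersistentManager">
    <Store className="org.apache.catalina.session.FileStore" directory="sessions"/>
  </Manager>
</Context></Host></Engine></Service></Server>"""


def find_persistent_managers(xml_text):
    """Return one dict per <Manager> element that selects PersistentManager."""
    root = ET.fromstring(xml_text)  # XML comments are dropped by the parser
    findings = []
    for mgr in root.iter("Manager"):
        # A <Manager> without className uses the default (non-persistent) manager.
        if mgr.get("className", "").strip() != PERSISTENT_MANAGER:
            continue
        store = mgr.find("Store")
        if store is None:
            findings.append({"store": None, "store_attrs": {}})
            continue
        attrs = {k: v for k, v in store.attrib.items() if k != "className"}
        findings.append({"store": store.get("className"), "store_attrs": attrs})
    return findings


if __name__ == "__main__":
    # Usage: python check_manager.py conf/context.xml conf/server.xml ...
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8") as fh:
            hits = find_persistent_managers(fh.read())
        if not hits:
            print(f"{path}: no PersistentManager configured")
        for hit in hits:
            print(f"{path}: PersistentManager, Store={hit['store']} {hit['store_attrs']}")
```

Run it over every context definition the instance loads, including per-application context files, since a `<Manager>` can be declared in any of them.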
