Alexandre Vermeerbergen created TOMEE-2497:

             Summary: Upgrade Tomcat in TomEE 7.0.x/7.1.x/8.0.x for 
                 Key: TOMEE-2497
             Project: TomEE
          Issue Type: Documentation
          Components: TomEE Core Server
    Affects Versions: 8.0.0-M2, 7.1.0, 7.0.5
            Reporter: Alexandre Vermeerbergen
             Fix For: 7.0.6, 7.1.1, 8.0.0-M3


CVE-2019-0199 Apache Tomcat HTTP/2 DoS seems rather easy to exploit, see: 

Would it be possible to upgrade embedded Tomcat to 8.5.38 / 9.0.16 ASAP for 
snapshot releases of TomEE 7.0.6, TomEE 7.1.1, TomEE 8.x ?

Kind regards,




This message was sent by Atlassian JIRA

Reply via email to