[ 
https://issues.apache.org/jira/browse/TOMEE-2497?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jonathan Gallimore reassigned TOMEE-2497:
-----------------------------------------

    Assignee: Jonathan Gallimore

> Upgrade Tomcat in TomEE 7.0.x/7.1.x/8.0.x for CVE-2019-0199
> -----------------------------------------------------------
>
>                 Key: TOMEE-2497
>                 URL: https://issues.apache.org/jira/browse/TOMEE-2497
>             Project: TomEE
>          Issue Type: Documentation
>          Components: TomEE Core Server
>    Affects Versions: 7.0.5, 7.1.0, 8.0.0-M2
>            Reporter: Alexandre Vermeerbergen
>            Assignee: Jonathan Gallimore
>            Priority: Major
>             Fix For: 7.0.6, 7.1.1, 8.0.0-M3
>
>
> Hello,
> CVE-2019-0199 Apache Tomcat HTTP/2 DoS seems rather easy to exploit, see: 
> [https://www.mail-archive.com/dev@tomcat.apache.org/msg132386.html]
> Would it be possible to upgrade embedded Tomcat to 8.5.38 / 9.0.16 ASAP for 
> snapshot releases of TomEE 7.0.6, TomEE 7.1.1, TomEE 8.x ?
> Kind regards,
> Alexandre
>  
>  
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to