[ https://issues.apache.org/jira/browse/TOMEE-2497?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Martin Wiesner closed TOMEE-2497. --------------------------------- Resolution: Duplicate Closed as duplicate of TOMEE-2523 which will bring Tomcat to version 9.0.20 in TomEE 8.0.0-M3. > Upgrade Tomcat in TomEE 7.0.x/7.1.x/8.0.x for CVE-2019-0199 > ----------------------------------------------------------- > > Key: TOMEE-2497 > URL: https://issues.apache.org/jira/browse/TOMEE-2497 > Project: TomEE > Issue Type: Documentation > Components: TomEE Core Server > Affects Versions: 7.0.5, 7.1.0, 8.0.0-M2 > Reporter: Alexandre Vermeerbergen > Assignee: Jonathan Gallimore > Priority: Major > Fix For: 7.0.6, 7.1.1, 8.0.0-M3 > > > Hello, > CVE-2019-0199 Apache Tomcat HTTP/2 DoS seems rather easy to exploit, see: > [https://www.mail-archive.com/dev@tomcat.apache.org/msg132386.html] > Would it be possible to upgrade embedded Tomcat to 8.5.38 / 9.0.16 ASAP for > snapshot releases of TomEE 7.0.6, TomEE 7.1.1, TomEE 8.x ? > Kind regards, > Alexandre > > > -- This message was sent by Atlassian JIRA (v7.6.3#76005)