[ https://issues.apache.org/jira/browse/TOMEE-2909?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Richard Zowalla closed TOMEE-2909.
----------------------------------
    Fix Version/s: 7.0.9
       Resolution: Fixed

7.0.9 was released in October 2020. The links were updated. Thus, I am closing this issue now.

> Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)
> ---------------------------------------------------------------------
>
>                 Key: TOMEE-2909
>                 URL: https://issues.apache.org/jira/browse/TOMEE-2909
>             Project: TomEE
>          Issue Type: Bug
>            Reporter: Hariprasad tammineni
>            Assignee: Jonathan Gallimore
>            Priority: Major
>             Fix For: 7.0.9
>
>
> TomEE plus (7.0.7) is using Apache Tomcat 8.5.50 version. Can you confirm if
> TomEE plus (7.0.7) is impacted by
> [CVE-2020-9484|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9484]
> or
> [BDSA-2020-1193|https://blackduck.opentext.net/api/vulnerabilities/BDSA-2020-1193/overview]?
> *Solution* - (Copied from BDSA record)
> Fixed in [10.0.0.M5|https://github.com/apache/tomcat/releases/tag/10.0.0-M5]
> by
> [this|https://github.com/apache/tomcat/commit/bb33048e3f9b4f2b70e4da2e6c4e34ca89023b1b]
> commit.
> The latest stable releases can be found
> [here|https://github.com/apache/tomcat/releases].
> [http://tomcat.apache.org/security-10.html]
> h4. Advisories
> * [http://tomcat.apache.org/security-10.html]
> If impacted, can you please upgrade TOMEE plus (7.0.7) with fixed versions of
> Tomcat?

--
This message was sent by Atlassian Jira
(v8.3.4#803005)