[
https://issues.apache.org/jira/browse/TOMEE-4229?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17739701#comment-17739701
]
Richard Zowalla commented on TOMEE-4229:
----------------------------------------
You are only affected if you are using the AJP connector. That being said,
current TomEE 8 branch is already on Tomcat 9.0.76 (so it would be fixed within
the next release)
> CVE-2023-34981 in Apache TomEE 8.0.15
> -------------------------------------
>
> Key: TOMEE-4229
> URL: https://issues.apache.org/jira/browse/TOMEE-4229
> Project: TomEE
> Issue Type: Bug
> Components: TomEE Core Server
> Affects Versions: 8.0.15
> Reporter: Guzman Castanedo
> Priority: Major
>
> Hello,
> We have seen that Apache Tomcat version 9.0.74 has a high vulnerability
> (CVE-2023-34981).
> Looking Apache TomEE version 8.0.15 it has a Apache Tomcat 9.0.74 inside.
> Is this version of TomEE affected by the CVE-2023-34981 vulnerability?
> It is planned to solve this CVE in TomEE 8.0.X?
> Thank you very much.
> Best regards.
> References:
> * [https://tomcat.apache.org/security-9.html]
> * [https://nvd.nist.gov/vuln/detail/CVE-2023-34981]
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
