Richard Zowalla created TOMEE-4230:
--------------------------------------
Summary: Backport fix for CVE-2023-34981
Key: TOMEE-4230
URL: https://issues.apache.org/jira/browse/TOMEE-4230
Project: TomEE
Issue Type: Dependency upgrade
Components: TomEE Core Server
Affects Versions: 8.0.15
Reporter: Guzman Castanedo
Assignee: Richard Zowalla
Fix For: 8.0.16
Hello,
We have seen that Apache Tomcat version 9.0.74 has a high vulnerability
(CVE-2023-34981).
Looking Apache TomEE version 8.0.15 it has a Apache Tomcat 9.0.74 inside.
Is this version of TomEE affected by the CVE-2023-34981 vulnerability?
It is planned to solve this CVE in TomEE 8.0.X?
Thank you very much.
Best regards.
References:
* [https://tomcat.apache.org/security-9.html]
* [https://nvd.nist.gov/vuln/detail/CVE-2023-34981]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
