[ https://issues.apache.org/jira/browse/RANGER-5094?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Basapuram Kumar resolved RANGER-5094.
-------------------------------------
    Resolution: Duplicate

https://issues.apache.org/jira/browse/RANGER-4892

> Bump tomcat to 8.9.96
> ---------------------
>
>                 Key: RANGER-5094
>                 URL: https://issues.apache.org/jira/browse/RANGER-5094
>             Project: Ranger
>          Issue Type: Improvement
>          Components: Ranger
>    Affects Versions: 2.5.0
>            Reporter: Basapuram Kumar
>            Assignee: Basapuram Kumar
>            Priority: Major
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
>  Bump tomcat to 8.9.96 to fix CVE-2023-46589
> CVE-2023-46589 Description
> ```
> Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 
> 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 
> through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP 
> trailer headers. A trailer header that exceeded the header size limit could 
> cause Tomcat to treat a single request as multiple requests leading to the 
> possibility of request smuggling when behind a reverse proxy. Users are 
> recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 
> onwards or 8.5.96 onwards, which fix the issue.
> ```
>  
> As per this, Tomcat *8.5.96* onwards has the *fix*, and currently Ranger 
> uses *8.5.94*.
>  
> Suggesting to bump the tomcat to 8.5.96.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
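
Added example, not part of the Jira issue or of Ranger's code: a check of a Tomcat version string against the affected ranges quoted in the CVE-2023-46589 description above, with milestone builds (`-M10` vs `-M11`) ordered numerically. The function names and the sample version list are assumptions made for illustration.

```python
import re

# Inclusive affected ranges, copied from the CVE-2023-46589 text quoted above.
AFFECTED = [
    ("11.0.0-M1", "11.0.0-M10"),
    ("10.1.0-M1", "10.1.15"),
    ("9.0.0-M1", "9.0.82"),
    ("8.5.0", "8.5.95"),
]

_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-M(\d+))?$")


def parse(version):
    """Return a sortable key; a milestone (-Mn) sorts before the final x.y.z."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {version!r}")
    major, minor, patch, milestone = m.groups()
    # (0, n) for milestone n, (1, 0) for the final release of the same x.y.z,
    # so M2 < M10 < M11 < release (a plain string compare gets M10 < M2 wrong).
    stage = (0, int(milestone)) if milestone else (1, 0)
    return (int(major), int(minor), int(patch), stage)


def is_affected(version):
    """True if the version falls inside one of the ranges listed in the CVE."""
    key = parse(version)
    return any(parse(lo) <= key <= parse(hi) for lo, hi in AFFECTED)


def report(versions):
    """Map each version to 'affected' or 'not in listed ranges'.

    'not in listed ranges' only means the quoted advisory does not name it;
    branches the advisory does not mention are not evaluated here.
    """
    return {v: "affected" if is_affected(v) else "not in listed ranges"
            for v in versions}


if __name__ == "__main__":
    # Constructed sample: the version Ranger uses per the issue (8.5.94),
    # the proposed target (8.5.96), and boundary cases from the description.
    for version, status in report(
        ["8.5.94", "8.5.95", "8.5.96", "9.0.83", "11.0.0-M10", "11.0.0-M11"]
    ).items():
        print(f"{version:12s} {status}")
```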
