yes, for example CVE-2021-24122, for which fix exists in Tomcat 9.0.40 / 8.5.60 / etc. I hope this will be at least Tomcat's version embedded in upcoming TomEE 8.0.6
Kind regards, Alexandre Le mer. 13 janv. 2021 à 12:53, Jonathan Gallimore <[email protected]> a écrit : > > Yes. Is there a specific concern you have? > > On Wed, Jan 13, 2021 at 10:40 AM Alex The Rocker <[email protected]> > wrote: > > > Hello Jon, > > > > Would you please make sure that this 8.0.6 TomEE release will include > > latest CVEs fixes (from TomEE, ActiveMQ, etc) ? > > > > Kind regards; > > Alexandre > > > > Le ven. 8 janv. 2021 à 14:15, Jonathan Gallimore > > <[email protected]> a écrit : > > > > > > Hi All, > > > > > > Any objections if I kick off a 8.0.6 release? I think there are some > > > dependency updates that it would be useful to get included (specifically > > > Tomcat), and also there's a regression with using a non-transactional > > > ActiveMQ connection factory in a transactional method that I have fixed > > as > > > well. > > > > > > Thanks > > > > > > Jon > >
