[IPT] Update docker tomcat?

Roger W . J . Alterskjær via IPT Thu, 22 Dec 2022 04:44:10 -0800

Our university IT-security guys have noticed that our docker container for 
gbif/ipt is running a vulnerable version of Tomcat: Apache Tomcat 8.5.x < 
8.5.83 which is vulnerable to "Request Smuggling Vulnerability" 
(CVE-2022-42252). They say that Tomcat 8.5.84 is the latest version of 8.5.


I see that we’re using maven:3.8-jdk-8 with hasn’t been updated for five months…

-Roger A

_______________________________________________
IPT mailing list
IPT@lists.gbif.org
https://lists.gbif.org/mailman/listinfo/ipt

[IPT] Update docker tomcat?

Reply via email to