8.0.x for CVE-2019-0199

Martin Wiesner (JIRA) Tue, 28 May 2019 12:17:13 -0700


     [ 
https://issues.apache.org/jira/browse/TOMEE-2497?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Martin Wiesner closed TOMEE-2497.
---------------------------------
    Resolution: Duplicate

Closed as duplicate of TOMEE-2523 which will bring Tomcat to version 9.0.20 in 
TomEE 8.0.0-M3.

> Upgrade Tomcat in TomEE 7.0.x/7.1.x/8.0.x for CVE-2019-0199
> -----------------------------------------------------------
>
>                 Key: TOMEE-2497
>                 URL: https://issues.apache.org/jira/browse/TOMEE-2497
>             Project: TomEE
>          Issue Type: Documentation
>          Components: TomEE Core Server
>    Affects Versions: 7.0.5, 7.1.0, 8.0.0-M2
>            Reporter: Alexandre Vermeerbergen
>            Assignee: Jonathan Gallimore
>            Priority: Major
>             Fix For: 7.0.6, 7.1.1, 8.0.0-M3
>
>
> Hello,
> CVE-2019-0199 Apache Tomcat HTTP/2 DoS seems rather easy to exploit, see: 
> [https://www.mail-archive.com/dev@tomcat.apache.org/msg132386.html]
> Would it be possible to upgrade embedded Tomcat to 8.5.38 / 9.0.16 ASAP for 
> snapshot releases of TomEE 7.0.6, TomEE 7.1.1, TomEE 8.x ?
> Kind regards,
> Alexandre
>  
>  
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Closed] (TOMEE-2497) Upgrade Tomcat in TomEE 7.0.x/7.1.x/8.0.x for CVE-2019-0199

Reply via email to