8.0.x for CVE-2019-0199

Alexandre Vermeerbergen (JIRA) Mon, 25 Mar 2019 05:59:22 -0700

Alexandre Vermeerbergen created TOMEE-2497:
----------------------------------------------


             Summary: Upgrade Tomcat in TomEE 7.0.x/7.1.x/8.0.x for 
CVE-2019-0199
                 Key: TOMEE-2497
                 URL: https://issues.apache.org/jira/browse/TOMEE-2497
             Project: TomEE
          Issue Type: Documentation
          Components: TomEE Core Server
    Affects Versions: 8.0.0-M2, 7.1.0, 7.0.5
            Reporter: Alexandre Vermeerbergen
             Fix For: 7.0.6, 7.1.1, 8.0.0-M3


Hello,

CVE-2019-0199 Apache Tomcat HTTP/2 DoS seems rather easy to exploit, see: 
[https://www.mail-archive.com/dev@tomcat.apache.org/msg132386.html]

Would it be possible to upgrade embedded Tomcat to 8.5.38 / 9.0.16 ASAP for 
snapshot releases of TomEE 7.0.6, TomEE 7.1.1, TomEE 8.x ?

Kind regards,
Alexandre

 

 

 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Created] (TOMEE-2497) Upgrade Tomcat in TomEE 7.0.x/7.1.x/8.0.x for CVE-2019-0199

Reply via email to