Alexandre Vermeerbergen created TOMEE-2497: ----------------------------------------------
Summary: Upgrade Tomcat in TomEE 7.0.x/7.1.x/8.0.x for CVE-2019-0199 Key: TOMEE-2497 URL: https://issues.apache.org/jira/browse/TOMEE-2497 Project: TomEE Issue Type: Documentation Components: TomEE Core Server Affects Versions: 8.0.0-M2, 7.1.0, 7.0.5 Reporter: Alexandre Vermeerbergen Fix For: 7.0.6, 7.1.1, 8.0.0-M3 Hello, CVE-2019-0199 Apache Tomcat HTTP/2 DoS seems rather easy to exploit, see: [https://www.mail-archive.com/dev@tomcat.apache.org/msg132386.html] Would it be possible to upgrade embedded Tomcat to 8.5.38 / 9.0.16 ASAP for snapshot releases of TomEE 7.0.6, TomEE 7.1.1, TomEE 8.x ? Kind regards, Alexandre -- This message was sent by Atlassian JIRA (v7.6.3#76005)