The TomEE Patch Plugin doesn't rewrite the content of the manifest files ;-)
You could check the file hashes or the related classes, which required patching.
Regards
Richard
On 13 November 2023 17:42:18 CET, COURTAULT Francois wrote:
>THALES GROUP LIMITED DISTRIBUTION to email recipients
>
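Added example, not part of the original thread: one way to do the check Richard describes, comparing per-class hashes between an upstream jar and the shipped jar while the manifest version stays the same. The two jars, their class names and contents are constructed in memory for illustration, and reading the version from `Implementation-Version` is an assumption about what a scanner keys on.

```python
import hashlib
import io
import zipfile


def class_digests(jar_bytes):
    """Map every .class entry in a jar to the SHA-256 of its bytes."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        return {name: hashlib.sha256(jar.read(name)).hexdigest()
                for name in jar.namelist() if name.endswith(".class")}


def manifest_version(jar_bytes):
    """Return the Implementation-Version declared in the jar manifest."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        text = jar.read("META-INF/MANIFEST.MF").decode("utf-8")
    for line in text.splitlines():
        if line.startswith("Implementation-Version:"):
            return line.split(":", 1)[1].strip()
    return None


def diff_classes(upstream, shipped):
    """List classes whose bytes differ between the two jars."""
    a, b = class_digests(upstream), class_digests(shipped)
    return {"changed": sorted(n for n in a.keys() & b.keys() if a[n] != b[n]),
            "added": sorted(b.keys() - a.keys()),
            "removed": sorted(a.keys() - b.keys())}


def build_jar(version, classes):
    """Build a constructed sample jar in memory (illustration only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF",
                     f"Manifest-Version: 1.0\nImplementation-Version: {version}\n")
        for name, body in classes.items():
            jar.writestr(name, body)
    return buf.getvalue()


# Constructed data: hypothetical class names, placeholder bytes.
UPSTREAM = build_jar("10.0.27", {"org/example/Unchanged.class": b"same",
                                 "org/example/Patched.class": b"original"})
SHIPPED = build_jar("10.0.27", {"org/example/Unchanged.class": b"same",
                                "org/example/Patched.class": b"backported fix"})

if __name__ == "__main__":
    print(manifest_version(UPSTREAM), manifest_version(SHIPPED))
    print(diff_classes(UPSTREAM, SHIPPED))
```

With real files, pass the bytes of the upstream Tomcat jar and of the jar shipped in the TomEE distribution to `diff_classes`.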
THALES GROUP LIMITED DISTRIBUTION to email recipients
Hello Jonathan
You wrote:
" > One comment I'll make though, is that NexusIQ (I also use it) will
> potentially still identify the jars as Tomcat 10.0.27, and therefore
> may still identify them as vulnerable (incorrectly), despite a patch
I will check on the state of these CVEs with respect to the backports, and
reply on this thread.
One comment I'll make though, is that NexusIQ (I also use it) will
potentially still identify the jars as Tomcat 10.0.27, and therefore may
still identify them as vulnerable (incorrectly), despite a
THALES GROUP LIMITED DISTRIBUTION to email recipients
Hello Richard,
I performed a vulnerability scan using NexusIQ; the results are:
- CVE-2022-45143 (CVSS 3 scoring 7.5) on tomcat-catalina : 10.0.27
- CVE-2023-24998 (CVSS 3 scoring 7.5) on tomcat-coyote : 10.0.27
Some of our
THALES GROUP LIMITED DISTRIBUTION to email recipients
Hello everyone,
According to this link https://tomcat.apache.org/tomcat-10.0-eol.html Tomcat
10.0.x is EOL, right?
But TomEE 9.1.1 still relies on Tomcat 10.0.x.
Any plan to migrate TomEE 9.x to Tomcat 10.1.x?
Best Regards.