On Wed, Jan 25, 2023, 3:04 PM Nein, Wade, OSE <[email protected]> wrote:
> Hello,
>
>
>
> I recently had a pentest of my network done. One finding is the version
> of tomcat Guacamole is using needs to be updated to resolve issues with
> CVE-2022-29885.
>
>
>
> I am unsure where the tomcat resides and how to update it. The suggested
> version is 8.5.79. I used a docker-compose file to get this setup.
>
The Docker image that we provide ("guacamole/guacamole") is rebuilt daily
to use the latest 8.5.x version of Tomcat, inherited from Docker's "tomcat"
image. It is currently using 8.5.85.
You may be using a different image, or using an out-of-date image, or your
pentesters may be mistaken.
- Mike
