On 01/07/2021 22:24, James H. H. Lampert wrote:


> Also, I've got somebody complaining about CVE-2021-25329. I'm not sure I understand what CVE-2021-25329 is, or what the underlying CVE-2020-9484 is.

If the person complaining about CVE-2021-25329 can't explain (or demonstrate) why it is an issue for your environment (other than to state you are running version X and this CVE is listed against that version) I'd argue that the credibility of their complaint is significantly reduced.

> doesn't exactly help a whole lot: it talks about "PersistenceManager," and I'm not entirely sure what that even *is.*

Have you tried looking in the Tomcat documentation? You want


It is an alternative session manager that persists session data via a configured Store. There are two Store implementations provided by default - File and DataSource.

You would know if you were using it as it requires explicit configuration.
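One way to check for that explicit configuration, as an added example (not part of the original message and not Tomcat's own code): parse a Tomcat context or server XML file and report any `<Manager>` element whose `className` is a PersistentManager, together with its configured Store. The two sample documents are constructed for illustration, and the function name is hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a context.xml with no <Manager> element, so Tomcat
# falls back to its default (non-persistent) session manager.
DEFAULT_CONTEXT = """<Context>
  <WatchedResource>WEB-INF/web.xml</WatchedResource>
</Context>"""

# Constructed sample: PersistentManager explicitly configured with a file Store.
PERSISTENT_CONTEXT = """<Context>
  <Manager className="org.apache.catalina.session.PersistentManager"
           maxIdleBackup="60">
    <Store className="org.apache.catalina.session.FileStore"
           directory="sessions"/>
  </Manager>
</Context>"""


def find_persistent_managers(xml_text):
    """Return (manager_class, store_class) for every explicitly configured
    Manager whose className ends in PersistentManager.

    store_class is None when the Manager has no nested <Store> element.
    """
    root = ET.fromstring(xml_text)
    hits = []
    # iter() walks the whole tree, so a <Manager> nested under
    # <Host>/<Context> in server.xml is found as well.
    for manager in root.iter("Manager"):
        class_name = manager.get("className", "")
        if class_name.rsplit(".", 1)[-1] == "PersistentManager":
            store = manager.find("Store")
            store_class = store.get("className") if store is not None else None
            hits.append((class_name, store_class))
    return hits


if __name__ == "__main__":
    for label, text in (("default", DEFAULT_CONTEXT),
                        ("persistent", PERSISTENT_CONTEXT)):
        found = find_persistent_managers(text)
        print(label, "->", found if found else "no PersistentManager configured")
```

Run it over the contents of `conf/context.xml`, `conf/server.xml` and each application's `META-INF/context.xml`; an empty result from all of them means the PersistentManager is not configured.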

