Dear Apache Tomcat Team, Based on the previous email reply, may we have an update regarding the estimated release date for the *Apache Tomcat 8.5.82* ?
Thank you. Regards, Wai Siang D: - M: (65) 9821 0409 T: (65) 6837 2822 F: (65) 6756 3839 E : waisi...@toppanecquaria.com 11 Toa Payoh Lorong 3 #02-31 Block C, Jackson Square Singapore 319579 Toppan Ecquaria Pte. Ltd. Company Registration No: 199806305H www.toppanecquaria.com https://www.linkedin.com/company/toppan-ecquaria/ STRICTLY CONFIDENTIAL - This message, its contents and any files transmitted with it are intended SOLELY for the addressee(s) and may be legally privileged and/or confidential. Access by any other party is unauthorised without the expressed written permission of the sender. If you have received this message in error, you may not copy or use the contents, attachments or information in any way. Please destroy it and contact us immediately via e-mail return or by telephone at (65) 68372822. This message has been prepared using information believed by the author to be reliable and accurate, but Toppan Ecquaria Pte. Ltd. and the Toppan Group of Companies ("Toppan") makes no warranty as to its accuracy or completeness. Toppan does not accept responsibility for changes made to this message after it was sent. On Tue, Jul 26, 2022 at 10:46 PM Christopher Schultz < ch...@christopherschultz.net> wrote: > Wai Siang, > > On 7/26/22 00:13, Wai Siang, Chu wrote: > > Based on the previous email reply, > > may we have an update regarding the estimated release date for the > *Apache > > Tomcat 8.5.82* ? > > I expect to begin the release process around 1 August (6 days from today). > > Please note that upgrading to Tomcat 8.5.82 once it is available should > not provide any actual security protections in a production environment. > If you have deployed the "examples" web application into production then > you are already making a mistake, security-wise. Simply removing the > application entirely mitigates the threat. > > -chris > > > On Wed, Jul 13, 2022 at 6:00 PM Mark Thomas <ma...@apache.org> wrote: > > > >> On 13/07/2022 10:46, Wai Siang, Chu wrote: > >>> Dear Apache Tomcat Team, > >>> > >>> We are aware there is a vulnerability found in the latest 8.5.xx > version. > >>> > >>> *Low: Apache Tomcat XSS in examples web application* CVE-2022-34305 > >>> <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34305> > >>> > >>> Hence, may we check is there an estimated timeline for the *Apache > Tomcat > >>> 8.5.82* release date? > >> > >> Why? > >> > >> Have you reviewed the vulnerability? It is a XSS in the examples app. > >> The examples app should never be deployed in a production environment. > >> Hence this vulnerability should be a non-issue for (nearly?) all users. > >> > >> Like all currently supported Tomcat versions, 8.5.x is released on a > >> roughly monthly cycle. The July release for 8.5.x hasn't started yet so > >> I'd expect the release later this month. > >> > >> If you want to follow release planning more closely, then that is > >> discussed on the dev list. > >> > >> Mark > >> > >> > >>> > >>> > >>> Thank you. > >>> > >>> Regards, > >>> Wai Siang > >>> > >>> D: - > >>> M: (65) 9821 0409 > >>> T: (65) 6837 2822 > >>> F: (65) 6756 3839 > >>> E : waisi...@toppanecquaria.com > >>> > >>> 11 Toa Payoh Lorong 3 > >>> #02-31 Block C, Jackson Square > >>> Singapore 319579 > >>> > >>> Toppan Ecquaria Pte. Ltd. > >>> Company Registration No: 199806305H > >>> > >>> www.toppanecquaria.com > >>> > >>> https://www.linkedin.com/company/toppan-ecquaria/ > >>> > >>> > >>> > >>> > >>> STRICTLY CONFIDENTIAL - This message, its contents and any files > >>> transmitted with it are intended SOLELY for the addressee(s) and may be > >>> legally privileged and/or confidential. Access by any other party is > >>> unauthorised without the expressed written permission of the sender. If > >> you > >>> have received this message in error, you may not copy or use the > >> contents, > >>> attachments or information in any way. Please destroy it and contact us > >>> immediately via e-mail return or by telephone at (65) 68372822. This > >>> message has been prepared using information believed by the author to > be > >>> reliable and accurate, but Toppan Ecquaria Pte. Ltd. and the Toppan > Group > >>> of Companies ("Toppan") makes no warranty as to its accuracy or > >>> completeness. Toppan does not accept responsibility for changes made to > >>> this message after it was sent. > >>> > >> > >> --------------------------------------------------------------------- > >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > >> For additional commands, e-mail: users-h...@tomcat.apache.org > >> > >> > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
