On 16/11/2022 23:45, David Alejandro Christensen Arreola wrote:
Hi Users,
My question is about whether a vulnerability applies to my particular
application. My application is using tomcat-embed.
Being tomcat-embed derived from Tomcat server, could tomcat-embed has the
vulnerabilities that Tomcat server has?
Yes.
In affirmative case, is disclosure of vulnerability going to mention
tomcat-embed or Tomcat Server only when applicable?
No. Vulnerabilities apply to all configurations unless the vulnerability
description explicitly states otherwise.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
