Hello, Romain if I may: TomEE 7.0.4 relies on Tomcat 8.5.20 and not 8.5.23.
Best Regards. -----Original Message----- From: Romain Manni-Bucau [mailto:rmannibu...@gmail.com] Sent: jeudi 23 novembre 2017 16:28 To: users@tomee.apache.org Subject: Re: Tomee install issue It is fixed in the 8.5.23 (https://tomcat.apache.org/security-8.html) which is the current tomee version Romain Manni-Bucau @rmannibucau | Blog | Old Blog | Github | LinkedIn 2017-11-23 16:21 GMT+01:00 Matthew Broadhead <matthew.broadh...@nbmlaw.co.uk>: > doesn't redhat use an old version of tomcat? last time i installed > from yum it was really out of date so i installed latest manually. are > you sure this applies to tomee? > > > On 23/11/2017 16:18, dkwakkel wrote: >> >> The latest CVE is of priority HIGH: >> https://access.redhat.com/security/cve/cve-2017-12617. >> Are tomcat vulnerabilities monitored and how is decided if a release >> will be made? In my opinion every HIGH vulnerability should result in >> a fixpack/release. If I can be of any help in this subject please let >> me know. >> >> >> >> -- >> Sent from: >> http://tomee-openejb.979440.n4.nabble.com/TomEE-Users-f979441.html > > ________________________________ This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited. E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender. Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus.
