Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump Tomcat versions #4836

Open
1 task
oleksandrmaksiuta opened this issue Dec 4, 2024 · 2 comments
Open
1 task

Bump Tomcat versions #4836

oleksandrmaksiuta opened this issue Dec 4, 2024 · 2 comments
Assignees
@venetrius
Labels
group:stale DRI: Yana type:task Issues that are a change to the project that is neither a feature nor a bug fix.

Comments

@oleksandrmaksiuta
Copy link

oleksandrmaksiuta commented Dec 4, 2024
edited
Loading

Acceptance Criteria

  • Tomcat 9 version >= 9.0.96
  • Tomcat 10 version >= 10.1.31

Hints

Tomcat has critical vulnerability allowing the user to bypass the authentication process. Reference CVE-2024-52316. It has been fixed in v9.0.96+ and v10.1.31+. This PR bumps Tomcat up to the latest available versions.

Links

Pull Requests
Beta Give feedback
  1. chore(parent): Bump Tomcat versions to 9.0.97 and 10.1.33 (#4836) #4837
    ci:tomcat
    venetrius

Dev2QA handover

  • Does this ticket need a QA test and the testing goals are not clear from the description? Add a Dev2QA handover comment
@oleksandrmaksiuta oleksandrmaksiuta added the type:task Issues that are a change to the project that is neither a feature nor a bug fix. label Dec 4, 2024
oleksandrmaksiuta added a commit to oleksandrmaksiuta/camunda-bpm-platform that referenced this issue Dec 4, 2024
@oleksandrmaksiuta
chore(parent): Bump Tomcat versions to 9.0.97 and 10.1.33 (camunda#4836)
94ff975
@oleksandrmaksiuta oleksandrmaksiuta mentioned this issue Dec 4, 2024
Open
@oleksandrmaksiuta oleksandrmaksiuta changed the title Bump Tomcat version Bump Tomcat versions Dec 4, 2024
@venetrius venetrius self-assigned this Dec 6, 2024
@venetrius
Copy link
Member

Hi @oleksandrmaksiuta,
Thank you for providing the bump updates. I will review the provided changes and let you know.

Best,
Gergely

@venetrius venetrius mentioned this issue Dec 9, 2024
Open
venetrius pushed a commit that referenced this issue Dec 12, 2024
@oleksandrmaksiuta @venetrius
chore(parent): Bump Tomcat versions to 9.0.97 and 10.1.33 (#4836)
6564901
@venetrius
Copy link
Member

Hi @oleksandrmaksiuta could you sign the Contributor License Agreement before we can accept your contribution?

@venetrius venetrius added the group:stale DRI: Yana label Dec 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@venetrius venetrius

Labels
group:stale DRI: Yana type:task Issues that are a change to the project that is neither a feature nor a bug fix.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@venetrius @oleksandrmaksiuta