[MGNLTOMCAT-25] Update to Tomcat 9.0.65 Created: 01/Jul/22 Updated: 18/Aug/22 Resolved: 25/Jul/22 |
|
| Status: | Closed |
| Project: | Barebones Tomcat Bundle |
| Component/s: | None |
| Affects Version/s: | 1.1.10, 1.2.9 |
| Fix Version/s: | 1.1.11, 1.2.11 |
| Type: | Task | Priority: | Neutral |
| Reporter: | Federico Grilli | Assignee: | Federico Grilli |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Task DoD: |
[X]* Cloud deployments affected?
[X]* Doc/release notes changes? Comment present?
[X]* Downstream builds green?
[X]* Solution information and context easily available?
[X]* Tests
[X]* FixVersion filled and not yet released
[ ] Architecture Decision Record (ADR)
|
||||
| Release notes required: |
Yes
|
||||
| Description |
[ERROR] One or more dependencies were identified with vulnerabilities: ... [ERROR] tomcat-9.0.64.tar.gz: tomcat-9.0.64.tar: catalina.jar: CVE-2022-34305(6.1) ...
https://nvd.nist.gov/vuln/detail/CVE-2022-34305
Magnolia bundles aren't affected as Tomcat samples are removed. Still, we're going to do the update asap as part of regular 3rd party deps maintenance, thus avoiding creating a large version delta. |
| Comments |
| Comment by Jan Haderka [ 07/Jul/22 ] |
|
Issue is with samples only. We can close it as soon as we verify that Magnolia bundle doesn't include tomcat samples. |
| Comment by Mikaël Geljić [ 21/Jul/22 ] |
|
fwiw, Tomcat 9.0.65 was released on July 14. |
| Comment by Federico Grilli [ 25/Jul/22 ] |
|
Tomcat version updated by Renovate in tomcat-barebone module, see |