[MGNLTOMCAT-3] Update Tomcat to 9.0.8 Created: 31/May/18  Updated: 15/Jun/18  Resolved: 14/Jun/18

Status: Closed
Project: Barebones Tomcat Bundle
Component/s: None
Affects Version/s: None
Fix Version/s: 1.1

Type: Task Priority: Neutral
Reporter: Antti Hietala Assignee: Jaroslav Simak
Resolution: Fixed Votes: 0
Labels: security
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Cloners
is cloned by MGNLTOMCAT-5 Update Tomcat to 8.5.31 Closed
is cloned by MGNLTOMCAT-9 Update Tomcat to 8.5.31 or higher on ... Closed
dependency
is depended upon by BUILD-308 Update resteasy to prevent jackson-da... Closed
duplicate
is duplicated by MAGNOLIA-7252 Add support for Tomcat 9 Closed
Template:
Acceptance criteria:
Empty
Task DoR:
Empty
Task DoD:
[ ]* Cloud deployments affected?
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Date of First Response:
Epic Link: 5.7 library update
Sprint: Kromeriz 151

 Description   

Update Tomcat

  • on 5.7 to 9.0.8


 Comments   
Comment by Mikaël Geljić [ 06/Jun/18 ]

We only manage the jstl spec, whose most recent version in Java EE 8 is 1.2.1.
CVE is about taglib impl provided by tomcat; unclear where they land into tomcat, if at all (they should be somewhere, otherwise how does JSP support works). To investigate.

See:

http://search.maven.org/#artifactdetails%7Cjavax%7Cjavaee-web-api%7C8.0%7Cjar
http://search.maven.org/#search%7Cga%7C1%7Ca%3A"javax.servlet.jsp.jstl-api"

http://tomcat.apache.org/download-taglibs.cgi
http://tomcat.apache.org/taglibs.html

Generated at Sun Feb 11 23:26:33 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.