Details
-
Suggestion
-
Resolution: Duplicate
-
None
-
None
Description
NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion.
Basically, customer would like us to add support for Tomcat 7.0.40 with JIRA 6 as it contains critical security vulnerability fixed in this version of Tomcat.
Customer Expectation:
You recommend using the Apache Tomcat version 7.0.29 or 6.0.32 as supported application server plattform for JIRA versions greater 5.2.
Whilst these versions are acceptable for an internal deployment behind the firewall, it is not acceptable if you allow public access to
the JIRA installation via internet. The Apache Tomcat team strongly recommend to update to the newest Tomcat version because there are
a lot of security issues in older versions espacially 6.0.32. The security issues for the respective Tomcat versions are public
(see http://tomcat.apache.org/security-7.html and http://tomcat.apache.org/security-6.html) so everybody can take advantage of Tomcat's vulnerabilities.
Attachments
Issue Links
- duplicates
-
JRACLOUD-33563 Upgrade bundled Tomcat to the latest minor release
- Closed
- is related to
-
JRASERVER-33745 add support Tomcat 7.0.40 with JIRA 6
- Closed