Loading...

XML

Word

Printable

Details

Type: Suggestion
Resolution: Duplicate
Component/s: None
Labels:
None

Feedback Policy:

Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

Description

NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion.

Basically, customer would like us to add support for Tomcat 7.0.40 with JIRA 6 as it contains critical security vulnerability fixed in this version of Tomcat.

Customer Expectation:

You recommend using the Apache Tomcat version 7.0.29 or 6.0.32 as supported application server plattform for JIRA versions greater 5.2.
Whilst these versions are acceptable for an internal deployment behind the firewall, it is not acceptable if you allow public access to
the JIRA installation via internet. The Apache Tomcat team strongly recommend to update to the newest Tomcat version because there are
a lot of security issues in older versions espacially 6.0.32. The security issues for the respective Tomcat versions are public
(see http://tomcat.apache.org/security-7.html and http://tomcat.apache.org/security-6.html) so everybody can take advantage of Tomcat's vulnerabilities.

Attachments

Issue Links

duplicates

JRACLOUD-33563 Upgrade bundled Tomcat to the latest minor release

Closed

is related to

JRASERVER-33745 add support Tomcat 7.0.40 with JIRA 6

Closed

Activity

People

Assignee:: Unassigned

Reporter:: Daryl Chuah (Inactive)

Votes:: 5 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 05/Jul/2013 10:52 AM

Updated:: 19/Sep/2019 5:56 AM

Resolved:: 18/Jul/2013 5:49 AM