Upgrade Tomcat to fix CVE-2019-0199

    • Severity 3 - Minor

      Issue Summary

      Tomcat 8.5.34 has security issue CVE-2019-0199.  

      The out-of-the-box configuration of Tomcat we ship with Bamboo does not support HTTP/2.
      Technically, a customer might set it up, but they’d need to switch to APR and expose the HTTPS connector directly to the users (or the HTTP connector if they additionally configured the upgrade protocol on it too).
      The version of Bamboo on master is affected out of the box though, because it supports h2c.
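
One way to check whether a given Tomcat `server.xml` has HTTP/2 enabled, and whether it is h2 (TLS connector) or h2c (cleartext connector). This is an added example, not part of the original issue and not Atlassian's code; the sample XML, its ports and the function name `http2_connectors` are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

# Tomcat enables HTTP/2 through an <UpgradeProtocol> child of a <Connector>.
HTTP2_CLASS = "org.apache.coyote.http2.Http2Protocol"

# Constructed sample, NOT Bamboo's shipped server.xml.
SAMPLE_SERVER_XML = b"""<?xml version="1.0" encoding="UTF-8"?>
<Server port="8007" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8085" protocol="HTTP/1.1" connectionTimeout="20000"/>
    <Connector port="8086" protocol="HTTP/1.1">
      <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol"/>
    </Connector>
    <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
               protocol="org.apache.coyote.http11.Http11AprProtocol">
      <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol"/>
    </Connector>
  </Service>
</Server>"""


def http2_connectors(server_xml):
    """Return [(port, mode)] for each Connector that enables HTTP/2.

    mode is "h2" when the connector has SSLEnabled="true", else "h2c".
    """
    root = ET.fromstring(server_xml)
    findings = []
    for conn in root.iter("Connector"):
        upgrades = [u.get("className", "") for u in conn.findall("UpgradeProtocol")]
        if HTTP2_CLASS not in upgrades:
            continue  # HTTP/1.1-only (or AJP) connector, HTTP/2 not reachable here
        tls = conn.get("SSLEnabled", "false").strip().lower() == "true"
        findings.append((conn.get("port", "?"), "h2" if tls else "h2c"))
    return findings


if __name__ == "__main__":
    # Pass the path to conf/server.xml, or run without arguments for the sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_SERVER_XML
    hits = http2_connectors(data)
    for port, mode in hits:
        print(f"Connector on port {port} accepts HTTP/2 ({mode})")
    if not hits:
        print("No connector enables HTTP/2")
```

An empty result means no connector in that file accepts HTTP/2.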

      Workaround

              Assignee:
              Alexey Chystoprudov
              Reporter:
              Alexey Chystoprudov