Details
-
Bug
-
Resolution: Fixed
-
Low
-
7.2.7, 8.0.8, 8.1.7, 8.2.3
-
2
-
Severity 2 - Major
-
Description
Issue summary
Apache Tomcat should be upgraded to 8.5.79 or a superior version to fix CVE-2022-29885
Environment
Bamboo 7, 8
Steps to Reproduce
- Check tomcat version on pom.xml or <bamboo-install>/bin/version.sh/bat
Expected Results
apache-tomcat 8.5.79+ is expected
Actual Results
apache-tomcat 8.5.78 (or older) is used
Workaround
At your own risk, you can manually upgrade Tomcat as instructed on this KB:
WARNING: Unless still reproducible on official releases, Atlassian Support may refuse support requests for Bamboo running over unofficial Tomcat versions.