Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Low
Fix Version/s: 8.0.10, 8.1.9, 8.2.5
Affects Version/s: 7.2.7, 8.0.8, 8.1.7, 8.2.3
Component/s: Bamboo Release, Infrastructure, Security
Labels:

Support reference count:
2
Symptom Severity:
Severity 2 - Major
Bug Fix Policy:
View Atlassian Server bug fix policy

Issue summary

Apache Tomcat should be upgraded to 8.5.79 or a superior version to fix CVE-2022-29885

Environment

Bamboo 7, 8

Steps to Reproduce

Check tomcat version on pom.xml or <bamboo-install>/bin/version.sh/bat

Expected Results

apache-tomcat 8.5.79+ is expected

Actual Results

apache-tomcat 8.5.78 (or older) is used

Workaround

At your own risk, you can manually upgrade Tomcat as instructed on this KB:

How to upgrade Apache Tomcat version used by Bamboo

WARNING: Unless still reproducible on official releases, Atlassian Support may refuse support requests for Bamboo running over unofficial Tomcat versions.

mentioned in: Page Loading...; Page Loading...; Page Loading...

Assignee:: Marcin Gardias

Reporter:: Eduardo Alvarenga (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 07/Jun/2022 6:57 AM

Updated:: 07/Apr/2025 3:47 PM

Resolved:: 21/Jul/2022 10:45 PM

Details

Description

Issue summary

Environment

Steps to Reproduce

Expected Results

Actual Results

Workaround

Attachments

Issue Links

Forms

Activity

People

Dates