Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 9.3.1, 9.2.4
Affects Version/s: n/a
Component/s: Security
Labels:

Support reference count:
7
Symptom Severity:
Severity 2 - Major
UIS:
4
Bug Fix Policy:
View Atlassian Server bug fix policy

Issue Summary

Apache Tomcat should be upgraded to 9.0.75+ or a later version to fix CVE-2023-34981

Bamboo is not vulnerable to this issue as it does not bundle Apache Tomcat 9.0.74 on any of its releases.

This is an informational ticket to inform customers about the underlying CVE.

Environment

Bamboo 9

Steps to Reproduce

Check the Apache Tomcat version on pom.xml or <bamboo-install>/bin/version.sh/bat

Expected Results

Bamboo 9.x: apache-tomcat 9.0.75 or later

Actual Results

Bamboo 9.x: apache-tomcat 9.0.74

supersedes

BAM-22280 Upgrade Tomcat to fix CVE-2023-28709

Closed

mentioned in: Page Loading...; Page Loading...; Page Loading...

Assignee:: Unassigned

Reporter:: Eduardo Alvarenga

Votes:: 2 Vote for this issue

Watchers:: 6 Start watching this issue

Created:: 26/Jun/2023 7:32 AM

Updated:: 14/Mar/2024 2:40 PM

Resolved:: 26/Jul/2023 9:23 AM