Issue Summary

      Apache Tomcat should be upgraded to 9.0.75 or later to fix CVE-2023-34981.

      Bamboo is not vulnerable to this issue as it does not bundle Apache Tomcat 9.0.74 in any of its releases.

      This is an informational ticket to inform customers about the underlying CVE.

      Environment

      • Bamboo 9

      Steps to Reproduce

      • Check the Apache Tomcat version in pom.xml or with <bamboo-install>/bin/version.sh (version.bat on Windows)

      Expected Results

      • Bamboo 9.x: apache-tomcat 9.0.75 or later

      Actual Results

      • Bamboo 9.x: apache-tomcat 9.0.74
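
      The version check from the steps above, as an added example (not part of the original ticket or of Bamboo). It assumes version.sh prints the standard Tomcat "Server version: Apache Tomcat/x.y.z" line; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the Tomcat version reported by version.sh with the
# 9.0.75 minimum named in this ticket (9.0.x line only).
MIN_VERSION="9.0.75"

# Constructed sample of version.sh output (not captured from a real install).
SAMPLE_OUTPUT='Server version: Apache Tomcat/9.0.74
Server number:  9.0.74.0'

# Extract "9.0.74" from a line like "Server version: Apache Tomcat/9.0.74".
tomcat_version_from_output() {
    printf '%s\n' "$1" |
        sed -n 's|^Server version:.*Apache Tomcat/\([0-9][0-9.]*\).*|\1|p' |
        head -n 1
}

# Return 0 if $1 >= $2. Fields are compared numerically, so 9.0.8 < 9.0.75
# (a plain string comparison would get this wrong).
version_at_least() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        if [ "$a" = "$fa" ]; then a=""; else a=${a#*.}; fi
        if [ "$b" = "$fb" ]; then b=""; else b=${b#*.}; fi
        fa=${fa:-0}; fb=${fb:-0}
        if [ "$fa" -gt "$fb" ]; then return 0; fi
        if [ "$fa" -lt "$fb" ]; then return 1; fi
    done
    return 0
}

# Print a verdict: return 0 if the minimum is met, 1 if an upgrade is needed,
# 2 if no version could be parsed.
check_tomcat() {
    v=$(tomcat_version_from_output "$1")
    if [ -z "$v" ]; then
        echo "UNKNOWN: no Tomcat version found"; return 2
    fi
    if version_at_least "$v" "$MIN_VERSION"; then
        echo "OK: Tomcat $v >= $MIN_VERSION"
    else
        echo "UPGRADE: Tomcat $v < $MIN_VERSION"; return 1
    fi
}

check_tomcat "$SAMPLE_OUTPUT" || true
```

      On a real install, pass the script's output instead of the sample: check_tomcat "$(<bamboo-install>/bin/version.sh)".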

            [BAM-22330] Upgrade Tomcat to fix CVE-2023-34981

            Wioletta Dys added a comment - As per our Security Bug Fix Policy, backported Security Bug fixes are released for Long Term Support (LTS) releases that have not reached their end-of-life date and to all feature versions released within 6 months of the date the fix is released, meaning that only Bamboo 9.3.x and Bamboo 9.2.x LTS releases will ship this fix.

              Unassigned
              Eduardo Alvarenga (Inactive)