[BAM-22330] Upgrade Tomcat to fix CVE-2023-34981 - Create and track feature requests for Atlassian products.

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 9.3.1, 9.2.4
Affects Version/s: n/a
Component/s: Security
Labels:

Support reference count:
7
Symptom Severity:
Severity 2 - Major
UIS:
4
Bug Fix Policy:
View Atlassian Server bug fix policy

Issue Summary

Apache Tomcat should be upgraded to 9.0.75+ or a later version to fix CVE-2023-34981

Bamboo is not vulnerable to this issue as it does not bundle Apache Tomcat 9.0.74 on any of its releases.

This is an informational ticket to inform customers about the underlying CVE.

Environment

Bamboo 9

Steps to Reproduce

Check the Apache Tomcat version on pom.xml or <bamboo-install>/bin/version.sh/bat

Expected Results

Bamboo 9.x: apache-tomcat 9.0.75 or later

Actual Results

Bamboo 9.x: apache-tomcat 9.0.74

supersedes

BAM-22280 Upgrade Tomcat to fix CVE-2023-28709

Closed

mentioned in: Page Failed to load; Page Failed to load; Page Failed to load; Page Failed to load

Assignee:: Unassigned

Reporter:: Eduardo Alvarenga (Inactive)

Affected customers:: 2 This affects my team

Watchers:: 6 Start watching this issue

Created:: 26/Jun/2023 7:32 AM

Updated:: 07/Apr/2025 5:56 PM

Resolved:: 26/Jul/2023 9:23 AM