Bamboo Data Center / BAM-25839

Upgrade Tomcat to fix CVE-2024-34750


      Issue Summary

      Apache Tomcat should be upgraded to 9.0.90 or a later version to fix CVE-2024-34750.

      Steps to Reproduce

      • Check the Apache Tomcat version in pom.xml or by running <bamboo-install>/bin/version.sh (version.bat on Windows)

      Expected Results

      • Bamboo 9.x: apache-tomcat.9.0.90 and later

      Actual Results

      • Bamboo 9.x: apache-tomcat.9.0.87
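
      The check above can be scripted. This is an added example, not Atlassian's code: it reads version.sh output, takes the "Server number:" line that Tomcat prints, and compares the patch level numerically against the 9.0.90 threshold from this issue. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a Tomcat build against the 9.0.90 threshold in this issue.

# Constructed sample of the two relevant lines printed by version.sh.
SAMPLE_OUTPUT='Server version: Apache Tomcat/9.0.87
Server number:  9.0.87.0'

# Read version.sh output on stdin and print the "Server number:" value.
tomcat_version() {
    sed -n 's/^Server number:[[:space:]]*\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Print "fixed", "needs-upgrade" or "unknown" for a version string.
# Only the 9.0.x line is judged, because that is all this issue covers.
classify_tomcat() {
    ver=$1
    case $ver in
        9.0.*) ;;
        *) echo unknown; return 0 ;;
    esac
    rest=${ver#9.0.}            # "87.0" from "9.0.87.0"
    patch=${rest%%[!0-9]*}      # keep leading digits only: "87"
    if [ -z "$patch" ]; then
        echo unknown
    elif [ "$patch" -ge 90 ]; then
        # Numeric comparison, so 9.0.100 is correctly newer than 9.0.90.
        echo fixed
    else
        echo needs-upgrade
    fi
}

# Read version.sh output on stdin and print the verdict.
check_output() {
    classify_tomcat "$(tomcat_version)"
}

# Real use: "<bamboo-install>/bin/version.sh" | check_output
printf '%s\n' "$SAMPLE_OUTPUT" | check_output
```

      An "unknown" result means the output had no parsable 9.0.x server number and the install should be checked by hand.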

      Workaround

      It is also possible to manually upgrade Apache Tomcat to version 9.0.90 until a new Bamboo release with an updated version of Apache Tomcat is available. For instructions on how to manually upgrade Apache Tomcat in Bamboo, please refer to the following KB article.

      WARNING: Unless still reproducible on official releases, Atlassian Support may refuse support requests for Bamboo running over unofficial Tomcat versions.

      Backported fixes

      Per our Security Bug Fix Policy, we are committed to delivering a bug fix release for the most recent feature release of Bamboo, as well as for all supported LTS releases, following the guidelines outlined in the Atlassian Support End of Life Policy. This implies that the fix will be included in Bamboo 9.2.x and Bamboo 9.6.x releases exclusively.

              achystoprudov Alexey Chystoprudov
              30fa40b9e6fe SSI Team