Upgrade Tomcat to fix CVE-2026-24734, CVE-2026-24733 and CVE-2025-66614

XMLWordPrintable

    • Type: Bug
    • Resolution: Fixed
    • Priority: Low
    • 10.2.18, 9.6.25, 12.1.6
    • Affects Version/s: 12.1.0, 12.1.3, 10.2.16
    • Component/s: Security
    • None
    • 2
    • Severity 3 - Minor

      Issue Summary

      Apache Tomcat should be upgraded to 9.0.114, 10.1.52 or a later version to fix

      Steps to Reproduce

      • N/A

      Expected Results

      • apache-tomcat.9.0.114, 10.1.52 and later

      Actual Results

      • Bamboo 10.2.16: apache-tomcat.9.0.111
      • Bamboo 12.1.3: apache-tomcat.10.1.48
      • Bamboo 12.1.0: apache-tomcat.10.1.48

      Workaround

      It is also possible to manually upgrade Apache Tomcat to version 9.0.114 or 10.1.52 until a new Bamboo release with an updated version of Apache Tomcat is available. For instructions on how to manually upgrade Apache Tomcat in Bamboo, please refer to the following KB article.

      WARNING: Unless still reproducible on official releases, Atlassian Support may refuse support requests for Bamboo running over unofficial Tomcat versions. Please ensure the Tomcat major version of the bugfix release you use matches the major version shipped with your Bamboo release (e.g. Tomcat 9.0.114 for Bamboo 10.2.x and Tomcat 10.1.52 for Bamboo 12.1.x)

              Assignee:
              Alexey Chystoprudov
              Reporter:
              Shashank Kumar
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: