Upgrade Tomcat to fix CVE-2026-41284, CVE-2026-41293, CVE-2026-42498, CVE-2026-43512, CVE-2026-43513, CVE-2026-43514 and CVE-2026-43515

XMLWordPrintable

    • 1
    • Severity 3 - Minor

      Issue Summary

      Apache Tomcat should be upgraded to 9.0.118, 10.1.55 or a later version to fix

      Steps to Reproduce

      • N/A

      Expected Results

      • apache-tomcat.9.0.118, 10.1.55 and later

      Actual Results

      • Bamboo 9.6.26: apache-tomcat.9.0.117
      • Bamboo 10.2.19: apache-tomcat.9.0.117
      • Bamboo 12.1.7: apache-tomcat.10.1.54

      Workaround

      It is also possible to manually upgrade Apache Tomcat to version 9.0.118 or 10.1.55 until a new Bamboo release with an updated version of Apache Tomcat is available. For instructions on how to manually upgrade Apache Tomcat in Bamboo, please refer to the following KB article.

      WARNING: Unless still reproducible on official releases, Atlassian Support may refuse support requests for Bamboo running over unofficial Tomcat versions. Please ensure the Tomcat major version of the bugfix release you use matches the major version shipped with your Bamboo release (e.g. Tomcat 9.0.118 for Bamboo 9.6.x/10.2.x and Tomcat 10.1.55 for Bamboo 12.1.x)

              Assignee:
              Krzysztof Podsiadło
              Reporter:
              Fery Hutabarat Hutabarat
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: