[BSERV-12222] Update Tomcat dependency to 9.0.31 - Create and track feature requests for Atlassian products.

XML

Word

Printable

Details

Type: Suggestion
Status: Closed (View Workflow)
Resolution: Done
Fix Version/s: 7.1.0
Component/s: Environment - Other
Labels:
None

Feedback Policy:

We collect Bitbucket feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

Description

Fixes:
CVE-2020-1938 AJP Request Injection and potential Remote Code Execution
CVE-2020-1935 HTTP Request Smuggling
CVE-2019-17569 HTTP Request Smuggling

Attachments

Issue Links

causes

BSERV-12266 Fails to start with error: The AJP Connector is configured with secretRequired="true" but the secret attribute is either null or "". This combination is not valid.

Closed

Activity

People

Assignee:: Ben Humphreys

Reporter:: Ben Humphreys

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 03/Mar/2020 11:08 PM

Updated:: 27/Mar/2020 7:27 AM

Resolved:: 05/Mar/2020 3:46 AM