Issue Summary
Bitbucket 8.1 updated Tomcat to 9.0.62 back in April and today CVE-2021-43980 has been published. It isn't obvious if Bitbucket is vulnerable, but we should backport the change to a 7.x LTS if possible to ease customer concerns.
This is reproducible on Data Center: yes
Steps to Reproduce
Refer to the CVE
Expected Results
Bitbucket DC should include a non-vulnerable version of Apache Tomcat.
Actual Results
Bitbucket DC includes a potentially vulnerable version of Apache Tomcat.
Workaround
Currently there is no known workaround for this behaviour. A workaround will be added here when available.