Details
-
Bug
-
Resolution: Fixed
-
Highest
-
7.17.18, 7.21.7, 8.10.0, 8.11.0
-
3
-
Severity 2 - Major
-
Description
Issue summary
Apache Tomcat should be upgraded to 9.0.74 or a later version to fix CVE-2023-28709
Environment
- Bitbucket 8.10.x and 8.11
Steps to Reproduce
- Check the Apache Tomcat version on pom.xml
Expected Results
- Bitbucket 8.10 and 8.11: apache-tomcat 9.0.74 and later
Actual Results
- Bitbucket 8.10: apache-tomcat-9.0.73 and earlier
- Bitbucket 8.11: apache-tomcat-9.0.73 and earlier