Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Highest
Fix Version/s: 7.17.19, 7.21.15, 8.8.7, 8.9.4, 8.10.4, 8.11.3, 8.12.1, 8.13.0
Affects Version/s: 7.17.18, 7.21.7, 8.10.0, 8.11.0
Component/s: Security - Other
Labels:

Support reference count:
3
Symptom Severity:
Severity 2 - Major
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

Issue summary

Apache Tomcat should be upgraded to 9.0.74 or a later version to fix CVE-2023-28709

Environment

Bitbucket 8.10.x and 8.11

Steps to Reproduce

Check the Apache Tomcat version on pom.xml

Expected Results

Bitbucket 8.10 and 8.11: apache-tomcat 9.0.74 and later

Actual Results

Bitbucket 8.10: apache-tomcat-9.0.73 and earlier
Bitbucket 8.11: apache-tomcat-9.0.73 and earlier

Attachments

Activity

People

Assignee:: Christopher Kochovski

Reporter:: Luiz Elias

Votes:: 1 Vote for this issue

Watchers:: 9 Start watching this issue

Dates

Created:: 09/Jun/2023 1:54 AM

Updated:: 17/Aug/2023 4:26 AM

Resolved:: 15/Aug/2023 1:44 AM