Confluence Data Center / CONFSERVER-81074

Upgrade Tomcat to 9.0.68 or later to address CVE-2022-42252


    Description

      Although not vulnerable when using the default configuration (rejectIllegalHeader enabled), the latest versions of Confluence are bundled with Tomcat 9.0.65, which is vulnerable to CVE-2022-42252. Crowd version 5.1.0 uses Tomcat version 8.5.79, which is vulnerable to CVE-2022-42252. This request was raised to address this through a Tomcat upgrade, which would avoid vulnerability by misconfiguration in Confluence and Crowd.


            People

              Unassigned
              Barbara Cavalcante
              Votes: 31
              Watchers: 26

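The description above ties exposure to two conditions: a bundled Tomcat older than the fixed release and a connector with rejectIllegalHeader turned off. The following audit sketch is an added example, not Atlassian's or the reporter's code; the function names and the sample server.xml are constructed, and it covers only the 9.0.x line named in the issue title, where an unset attribute is assumed to mean enabled, as the description says of the default configuration.

```python
import xml.etree.ElementTree as ET

# First 9.0.x release named as fixed in the issue title.
FIXED_9_0 = (9, 0, 68)

# Constructed sample: three connectors, one with the check disabled.
SAMPLE_SERVER_XML = """
<Server port="8000" shutdown="SHUTDOWN">
  <Service name="Tomcat-Standalone">
    <Connector port="8090" rejectIllegalHeader="false"/>
    <Connector port="8091"/>
    <Connector port="8092" rejectIllegalHeader="true"/>
  </Service>
</Server>
"""

def tomcat_9_needs_upgrade(version):
    """True if a 9.0.x version string is older than 9.0.68."""
    v = tuple(int(p) for p in version.split("."))
    if v[:2] != (9, 0):
        raise ValueError("this check only covers the 9.0.x line")
    return v < FIXED_9_0

def audit_connectors(server_xml):
    """Report the rejectIllegalHeader state of every <Connector>."""
    root = ET.fromstring(server_xml.strip())
    findings = []
    for conn in root.iter("Connector"):
        raw = conn.get("rejectIllegalHeader")
        # Assumption: an absent attribute means the default (enabled) applies.
        enabled = True if raw is None else raw.lower() == "true"
        findings.append({
            "port": conn.get("port"),
            "explicit": raw is not None,
            "rejects_illegal_headers": enabled,
        })
    return findings

def exposed_connectors(server_xml, tomcat_version):
    """Ports where an unfixed Tomcat 9.0.x runs with the check disabled."""
    if not tomcat_9_needs_upgrade(tomcat_version):
        return []
    return [f["port"] for f in audit_connectors(server_xml)
            if not f["rejects_illegal_headers"]]

if __name__ == "__main__":
    print(exposed_connectors(SAMPLE_SERVER_XML, "9.0.65"))
```

Run it against the server.xml of each node; an empty result on an unfixed version means the instance still depends on nobody disabling the setting later, which is the misconfiguration risk the upgrade request targets.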