  1. Confluence Data Center
  2. CONFSERVER-81074

Upgrade Tomcat to 9.0.68 or later to address CVE-2022-42252


    • 105

      Although not vulnerable when using the default configuration (rejectIllegalHeader enabled), the latest versions of Confluence are bundled with Tomcat 9.0.65, which is vulnerable to CVE-2022-42252. Crowd version 5.1.0 is using Tomcat version 8.5.79, which is vulnerable to CVE-2022-42252. This request was raised to address this through a Tomcat upgrade, which would avoid vulnerability by misconfiguration in Confluence and Crowd.

              Unassigned
              B Cavalcante
              Votes: 31
              Watchers: 26
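An added example, not part of the original issue or Atlassian's code: a check that flags connectors in a Tomcat `server.xml` where `rejectIllegalHeader` is disabled while the bundled Tomcat is older than the fixed release named in the title. The sample XML, the function names and the `default_reject` parameter are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample; a real file lives at <install-dir>/conf/server.xml.
SAMPLE_SERVER_XML = """<Server port="8000" shutdown="SHUTDOWN">
  <Service name="Tomcat-Standalone">
    <Connector port="8090" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="48" rejectIllegalHeader="false"/>
    <Connector port="8091" protocol="org.apache.coyote.http11.Http11NioProtocol"/>
  </Service>
</Server>"""


def parse_version(text):
    """Turn '9.0.65' into (9, 0, 65) so versions compare numerically."""
    return tuple(int(part) for part in text.strip().split("."))


def audit_connectors(server_xml, tomcat_version, fixed_version="9.0.68",
                     default_reject=True):
    """Report, per <Connector>, whether CVE-2022-42252 is reachable.

    fixed_version defaults to the 9.0.x release named in the issue title.
    default_reject is the value assumed when the attribute is absent (the
    issue describes it as enabled by default); check the connector docs for
    the Tomcat line in use and pass False if that line differs.
    """
    version, fixed = parse_version(tomcat_version), parse_version(fixed_version)
    if version[:2] != fixed[:2]:
        # Comparing 8.5.x against a 9.0.x fix would give a meaningless answer.
        raise ValueError("pass the fixed_version for this Tomcat release line")
    patched = version >= fixed
    results = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        raw = conn.get("rejectIllegalHeader")
        reject = default_reject if raw is None else raw.strip().lower() == "true"
        results.append({
            "port": conn.get("port"),
            "explicit": raw is not None,       # attribute set in the file?
            "rejectIllegalHeader": reject,     # effective value
            "exposed": not patched and not reject,
        })
    return results


if __name__ == "__main__":
    for row in audit_connectors(SAMPLE_SERVER_XML, "9.0.65"):
        print(row)
```
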
