Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Low
Fix Version/s: 7.1.7
Affects Version/s: 7.1.0, 7.1.1
Component/s: Installation
Labels:

Introduced in Version:
7.01
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

Summary

We are currently on 8.0.17 and have already been bitten by a bug in it:

https://bz.apache.org/bugzilla/show_bug.cgi?id=57476

We should upgrade to the latest to get the latest bugfixes.

Also, there have been a number of recent CVEs involving Tomcat, most of which involve SecurityManager, which I believe we do not currently use.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0706
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0714
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0763

However, these are related to other aspects of Tomcat:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5345
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5346
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5351 (probably doesn't affect us)

Updating Tomcat to one of these versions would appear to patch all of the above CVEs:

Apache Tomcat 9.0.0.M3
Apache Tomcat 8.0.32
Apache Tomcat 7.0.68
Apache Tomcat 6.0.45

Attachments

Issue Links

causes

JRASERVER-61179 Importing issues from CSV fails with blank screen

Closed

is related to

JRASERVER-60435 Tomcat upgrade (8.0.26+) needed for Apache commons pool EvictionPolicy error

Closed

GHS-41767 Loading...

mentioned in: Page Loading...; Page Loading...

relates to: ICE-499 Loading...

(1 relates to)

Activity

People

Assignee:: Pawel Bugalski (Inactive)

Reporter:: Oswaldo Hernandez (Inactive)

Votes:: 4 Vote for this issue

Watchers:: 11 Start watching this issue

Dates

Due:: 13/May/2016

Created:: 19/Feb/2016 12:04 AM

Updated:: 28/Mar/2019 12:20 AM

Resolved:: 18/May/2016 11:42 PM