-
Bug
-
Resolution: Fixed
-
Low
-
7.3.0, 7.3.4
-
7.03
-
29
-
Severity 2 - Major
-
288
-
-
- Apache has released the Apache Software Foundation Releases Security Updates:
- https://www.us-cert.gov/ncas/current-activity/2017/04/12/Apache-Software-Foundation-Releases-Security-Updates
There are a few vulnerabilities reported:
- CVE-2017-5648 - http://mail-archives.us.apache.org/mod_mbox/www-announce/201704.mbox/%3C8a78e8fe-616e-1959-3c0e-26704fc72766@apache.org%3E
- CVE-2017-5650 - http://mail-archives.us.apache.org/mod_mbox/www-announce/201704.mbox/%3C6d8077ef-1bcb-d07b-0bd0-f70ab0043faf@apache.org%3E
- CVE-2017-5651 - http://mail-archives.us.apache.org/mod_mbox/www-announce/201704.mbox/%3C63a584ba-4db7-85d3-0206-c1164b9d26c6@apache.org%3E
- CVE-2016-6817 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6817
- CVE-2016-6816 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6816
For CVE-2017-5650 and CVE-2017-5651, the Severity is Important and:
Versions Affected:
- Apache Tomcat 9.0.0.M1 to 9.0.0.M18
- Apache Tomcat 8.5.0 to 8.5.12
- Apache Tomcat 8.0.x and earlier are not affected
Users of the affected versions should apply one of the following
mitigations:
- Upgrade to Apache Tomcat 9.0.0.M19 or later
- Upgrade to Apache Tomcat 8.5.13 or later
Moving forward, fix versions of JIRA should be bundled with Tomcat 8.5.13/9.0.0.M19 or above.
Workaround
If Tomcat is to be manually upgraded, please refer to How to upgrade Apache Tomcat version in JIRA 7.x. Currently Tomcat 8.5.13 and 8.5.14 are available.
Manually upgrading Tomcat is not recommended or supported.
- has a regression in
-
-
- Closed
-
- is related to
-
-
- Closed
-
-
-
- Closed
-
-
JRASERVER-66241 Embed latest java critical security update (1.8.0.171 or higher) into the next JIRA (sub)version
- Closed
- mentioned in
-
Page Loading...
-
-
-
-
-
-
-
- relates to
-