Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 8.5.9, 8.9.0
Affects Version/s: 8.6.1
Component/s: Tomcat
Labels:

Fixed in Long Term Support Release/s:

Download 8.5
Introduced in Version:
8.06
Support reference count:
29
Symptom Severity:
Severity 2 - Major
UIS:
611
Bug Fix Policy:
View Atlassian Server bug fix policy

Issue Summary

The recently disclosed vulnerabilities regarding Apache Tomcat

Which affects the following versions:

Apache Tomcat 8.x from 8.5.0 before 8.5.50

We should bundle a more recent version of Tomcat so that Jira is not affected by this in the future.

Steps to Reproduce

Not applicable.

Expected Results

Not applicable.

Actual Results

Not applicable.

Workaround

Manually upgrade Tomcat according to our documentation.

details

JRASERVER-70727 Documentation on configuring Jira Server with Apache AJP should note recent Ghost Cat CVE-2020-1938

Closed

JSDSERVER-6768 Jira Service Desk Security Vulnerability Tomcat AJP CNVD-2020-10487/CVE-2020-1938

Closed

is related to

JRASERVER-70993 The version of Apache Tomcat included with Jira Server is affected by CVE-2020-1935, CVE-2020-1938, CVE-2019-17569

Closed

resolves

JRASERVER-70127 Starting Jira 8 as a service on Windows with AdoptOpenJDK 11.0.4_11 causes an exception

Closed

mentioned in: Page Loading...; Page Loading...; Page Loading...

relates to: RAID-1714 Loading...; RAID-1715 Loading...

(2 mentioned in, 2 relates to)

Assignee:: Pawel Przytarski

Reporter:: Michael Aglas

Votes:: 0 Vote for this issue

Watchers:: 20 Start watching this issue

Due:: 26/Feb/2020

Created:: 15/Jan/2020 3:29 PM

Updated:: 14/Oct/2020 10:09 AM

Resolved:: 20/May/2020 8:43 AM

Details

Description

Issue Summary

Steps to Reproduce

Expected Results

Actual Results

Workaround

Attachments

Issue Links

Forms

Activity

People

Dates