-
Bug
-
Resolution: Fixed
-
Low (View bug fix roadmap)
-
8.9.0
-
8.09
-
2
-
Severity 2 - Major
-
Issue Summary
The recently disclosed vulnerability regarding Tomcat affects the following versions:
Apache Tomcat 7x <7.0.103
Apache Tomcat 8x <8.5.54
Apache Tomcat 9x <9.0.34
Apache Tomcat 10x < 10.0.0-M4
We should bundle a more recent version of Tomcat, so that Jira is not affected by this in the future.
Steps to Reproduce
- Check the CVE report.
Expected Results
- Not applicable.
Actual Results
- Not applicable.
Workaround
- Manually upgrade Tomcat according to our documentation.
- relates to
-
-
- Closed
-
[JRASERVER-71221] Upgrade Apache Tomcat 8.5.50 - version affected by CVE-2020-9484
| Fixed in Long Term Support Release/s | New: [Download 8.5|https://confluence.atlassian.com/enterprise/atlassian-enterprise-releases-948227420.html] |
| Link |
New:
This issue relates to |
| Fix Version/s | New: 8.5.9 [ 92910 ] |
| Fix Version/s | New: 8.12.0 [ 92098 ] |
| Labels | Original: cvss-high security vulnerable-components | New: advisory advisory-released cvss-high security vulnerable-components |
| Resolution | New: Fixed [ 1 ] | |
| Status | Original: Waiting for Release [ 12075 ] | New: Closed [ 6 ] |
| Support reference count | Original: 1 | New: 2 |
| Fix Version/s | New: 8.11.0 [ 92097 ] |
| Status | Original: In Progress [ 3 ] | New: Waiting for Release [ 12075 ] |
| Status | Original: Needs Triage [ 10030 ] | New: In Progress [ 3 ] |