Jira Data Center / JRASERVER-73773

Upgrade Tomcat to version 8.5.78 - CVE-2022-22965 (Spring Framework RCE)

Details

    • Type: Bug
    • Resolution: Fixed
    • Priority: Low
    • Fix Version/s: 8.13.20, 8.22.2, 8.20.8
    • Affects Version/s: 8.13.19, 8.20.7, 8.22.1
    • Component/s: Security
    • Labels: None

    Description

      The prescribed mitigation for the Spring Framework RCE (CVE-2022-22965) is to upgrade Tomcat.

      Reference: https://spring.io/blog/2022/04/01/spring-framework-rce-mitigation-alternative

      Yesterday we [Spring] announced a Spring Framework RCE vulnerability CVE-2022-22965, listing Apache Tomcat as one of several preconditions. The Apache Tomcat team has since released versions 10.0.20, 9.0.62, and 8.5.78 all of which close the attack vector on Tomcat’s side.
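
One way to check a running instance against the fixed Tomcat releases quoted above. This is an added example, not Atlassian's or Spring's code. It assumes the input is the text printed by Tomcat's `version.sh`; the sample input and the function names are constructed for illustration.

```shell
#!/bin/sh
# Classify a Tomcat version against the fixed releases named in the quoted
# Spring post: 10.0.20, 9.0.62 and 8.5.78.

# Fixed release for a major.minor branch; empty for branches the post does not name.
fixed_release_for() {
  case "$1" in
    10.0) echo "10.0.20" ;;
    9.0)  echo "9.0.62" ;;
    8.5)  echo "8.5.78" ;;
    *)    echo "" ;;
  esac
}

# Pull "x.y.z" out of text containing "Apache Tomcat/x.y.z"
# (the format of the "Server version:" line printed by version.sh).
tomcat_version_from() {
  printf '%s\n' "$1" |
    sed -n 's|.*Apache Tomcat/\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*|\1|p' |
    head -n 1
}

# Prints one of: patched, needs-upgrade, unknown-branch, unparseable.
# The function body is a subshell, so its variables stay local.
classify_tomcat() (
  ver=$(tomcat_version_from "$1")
  branch=${ver%.*}
  fixed=$(fixed_release_for "$branch")
  if [ -z "$ver" ]; then
    echo "unparseable"
  elif [ -z "$fixed" ]; then
    echo "unknown-branch"   # not covered by the quoted post; check vendor guidance
  elif [ "${ver##*.}" -ge "${fixed##*.}" ]; then
    echo "patched"          # numeric compare, so 9.0.8 is older than 9.0.62
  else
    echo "needs-upgrade"
  fi
)

# Constructed sample of version.sh output (not captured from a real host).
SAMPLE='Server version: Apache Tomcat/8.5.77
Server number:  8.5.77.0'
echo "sample: $(classify_tomcat "$SAMPLE")"
```

On a real host, pass the output of the bundled Tomcat's `version.sh` to `classify_tomcat`; the script's location inside a Jira installation is not given on this page.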

            People

              4e432536cf93 Karol Skwierawski
              drohan Daniel R