Jira Data Center / JRASERVER-73773

Upgrade Tomcat to version 8.5.78 - CVE-2022-22965 (Spring Framework RCE)


    • Type: Bug
    • Resolution: Fixed
    • Priority: Low
    • Fix Version/s: 8.13.20, 8.22.2, 8.20.8
    • Affects Version/s: 8.13.19, 8.20.7, 8.22.1
    • Security
    • None

      The prescribed mitigation for the Spring Framework RCE (CVE-2022-22965) is to upgrade Tomcat.

      Reference: https://spring.io/blog/2022/04/01/spring-framework-rce-mitigation-alternative

      Yesterday we [Spring] announced a Spring Framework RCE vulnerability CVE-2022-22965, listing Apache Tomcat as one of several preconditions. The Apache Tomcat team has since released versions 10.0.20, 9.0.62, and 8.5.78 all of which close the attack vector on Tomcat’s side.

            4e432536cf93 Karol Skwierawski
            drohan Daniel R
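
A check an administrator could run after the upgrade, added here as an example and not taken from the issue or from Atlassian: it reads the text printed by Tomcat's `version.sh` (or a bare `Apache Tomcat/x.y.z` server-info string) and compares it with the fixed releases quoted above. The function names and the sample output are constructed for illustration.

```python
import re

# Fixed Tomcat release per branch, as quoted in the issue text above.
FIXED_PATCH = {(10, 0): 20, (9, 0): 62, (8, 5): 78}

# version.sh prints "Server number:  8.5.77.0"; the server-info string
# has the form "Apache Tomcat/8.5.77".
_SERVER_NUMBER = re.compile(r"^Server number:\s*(\d+)\.(\d+)\.(\d+)", re.MULTILINE)
_SERVER_INFO = re.compile(r"Apache Tomcat/(\d+)\.(\d+)\.(\d+)")

# Constructed sample of version.sh output (not captured from a real host).
SAMPLE_OUTPUT = """\
Server version: Apache Tomcat/8.5.77
Server number:  8.5.77.0
JVM Version:    11.0.14+9
"""


def parse_tomcat_version(text):
    """Return (major, minor, patch), or None if no version is present."""
    match = _SERVER_NUMBER.search(text) or _SERVER_INFO.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def assess(text):
    """Return (status, version); status is 'fixed', 'needs-upgrade' or 'unknown'.

    'unknown' covers unparseable input and branches the issue text does not
    list, so an unlisted branch is never reported as fixed by accident.
    """
    version = parse_tomcat_version(text)
    if version is None:
        return "unknown", None
    floor = FIXED_PATCH.get(version[:2])
    if floor is None:
        return "unknown", version
    return ("fixed" if version[2] >= floor else "needs-upgrade"), version


if __name__ == "__main__":
    status, version = assess(SAMPLE_OUTPUT)
    print(status, version)
```
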