[jira] [Updated] (HBASE-29650) Upgrade tomcat-jasper to 9.0.110

Istvan Toth (Jira) Fri, 17 Oct 2025 10:00:16 -0700


     [ 
https://issues.apache.org/jira/browse/HBASE-29650?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Istvan Toth updated HBASE-29650:
--------------------------------
    Component/s:     (was: security)

> Upgrade tomcat-jasper to 9.0.110
> --------------------------------
>
>                 Key: HBASE-29650
>                 URL: https://issues.apache.org/jira/browse/HBASE-29650
>             Project: HBase
>          Issue Type: Improvement
>          Components: UI
>            Reporter: Istvan Toth
>            Assignee: Istvan Toth
>            Priority: Major
>              Labels: pull-request-available
>
> There is a CVE for 9.0.107 
> It does not actually affect us (as we only use jasper, not the web server), 
> but using the latest won't hurt and will reduce the chances of false 
> positives from static scanners etc.
> branch 3+ was updated to 9.0.107 as part of the Jetty upgrade, branch-2.x is 
> still on 9.0.104. We should be able to use the latest 9.0.110 on both.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (HBASE-29650) Upgrade tomcat-jasper to 9.0.110

Reply via email to