> On Apr 11, 2024, at 21:18, hazendaz (via GitHub) wrote:
>
> hazendaz commented on PR #718:
> URL: https://github.com/apache/tomcat/pull/718#issuecomment-2050846843
>
> Not speaking for team but as onlooker, Tomcat 7 is end of life since March
> 2021. There are no further updates. So it
aooohan commented on PR #718:
URL: https://github.com/apache/tomcat/pull/718#issuecomment-2050851432
Tomcat 7 is end of life since March 2021, so we won't merge this change,
thanks.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to Gi
aooohan closed pull request #718: fix CVE-2024-23672
URL: https://github.com/apache/tomcat/pull/718
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-
hazendaz commented on PR #718:
URL: https://github.com/apache/tomcat/pull/718#issuecomment-2050846843
Not speaking for team but as onlooker, Tomcat 7 is end of life since March
2021. There are no further updates. So it wouldn't make sense to patch it.
It wouldn't be released anyways. On
achibear opened a new pull request, #718:
URL: https://github.com/apache/tomcat/pull/718
Tomcat 8 fixed the CVE-2024-23672 vulnerability through commit
[3631adb1](https://github.com/apache/tomcat/commit/3631adb1342d8bbd8598802a12b63ad02c37d591).
However, we have discovered similar unpatched
