Further, Apache Tomcat 7 reached end of life as of 31 March 2021 and is
no longer supported by this community.
This means we no longer assess Tomcat 7 against reported security
vulnerabilities so even if your client is running the latest Tomcat 7
version available, 7.0.109, there have been a n
I hope this helps
https://lists.apache.org/thread/m3bhytsh3yrhsxvo98vcyx4q6w0m1d4v
On Fri, Jan 28, 2022, 9:58 AM Tim Funk wrote:
> Out of the box, no version of Apache Tomcat uses any log4j version.
>
> If log4j is used, it is by a specific application (not provided by the ASF)
> deployed to Tom
Out of the box, no version of Apache Tomcat uses any log4j version.
If log4j is used, it is by a specific application (not provided by the ASF)
deployed to Tomcat. (Or an admin changed the default install to add it)
-Tim
On Fri, Jan 28, 2022 at 10:36 AM Samuel Anderson-Burrell | Cloud21
wrote:
Good Afternoon Apache
Hope your well, my name is Samuel I work for a Security firm Cloud 21 and we
have been working with a client who uses your software in particular Tomcat.
We are looking to see if there is a security patch against log4j. The version
they are using is tomcat 7, checking your d
