Thanks, Christopher, for looking into this issue.
Tomcat version:
Server version: Apache Tomcat/9.0.74
Server built: Apr 13, 2023 08:10:39 UTC
Server number: 9.0.74.0
We became aware of this issue a few days ago when it was reported by a
customer due to a critical internal API failure, where the
We are running 9.0.78 on RHEL 7. During our monthly patch and reboot cycle one
the Tomcat running on one system failed to restart. The error said that there
was a running version of Tomcat with a low PID number. Just rerunning the start
“systemctl start tomcat” solved the issue. We use the defau
Hey all,
Sonatype are of the opinion that CVE-2023-42794 is also applicable to the
10.x and 11.x streams of Tomcat and issued the notice:
The Sonatype Security Research team discovered that this vulnerability is
also present and remains unfixed in the 10.x and 11.x branches of Apache
Tomcat.
I as
17 Oct 2023 16:51:38 Donal Anglin :
Hey all,
Sonatype are of the opinion that CVE-2023-42794 is also applicable to the
10.x and 11.x streams of Tomcat and issued the notice:
The Sonatype Security Research team discovered that this vulnerability is
also present and remains unfixed in the 10.x
No, only 8.x and 9.x.
I assume that Sonatype has done some investigation though.
Do you have any additional context I can share with them to inform their
decision?
*Donal Anglin*
On Tue, Oct 17, 2023 at 6:23 PM Mark Thomas wrote:
> 17 Oct 2023 16:51:38 Donal Anglin :
>
> > Hey all,
> >
> > Sona
17 Oct 2023 18:51:06 Donal Anglin :
No, only 8.x and 9.x.
The question was rhetorical. I wrote the official announcement.
I assume that Sonatype has done some investigation though.
Do you have any additional context I can share with them to inform their
decision?
The onus is on Sonatype t
Hello,
We have several tomcat instances that use a single CATALINA_HOME which
is a symlink for a specific version. The Tomcat instance we use is
very barebones and doesn't have any of the apps that come with it.
For example,
The CATALINA_HOME points to a symlink
/opt/tomcat/tomcat-9/tomcat-9-late