22 Dec
2022
22 Dec
'22
20:43
Our university IT-security guys have noticed that our docker container for gbif/ipt is running a vulnerable version of Tomcat: Apache Tomcat 8.5.x < 8.5.83 which is vulnerable to "Request Smuggling Vulnerability" (CVE-2022-42252). They say that Tomcat 8.5.84 is the latest version of 8.5.
I see that we’re using maven:3.8-jdk-8 with hasn’t been updated for five months…
-Roger A