[IPT] Update docker tomcat?

22 Dec 2022


      Our university IT-security guys have noticed that our docker container for gbif/ipt is running a vulnerable version of Tomcat: Apache Tomcat 8.5.x < 8.5.83 which is vulnerable to "Request Smuggling Vulnerability" (CVE-2022-42252). They say that Tomcat 8.5.84 is the latest version of 8.5.
I see that we’re using maven:3.8-jdk-8 with hasn’t been updated for five months…
-Roger A

[IPT] Update docker tomcat?

Roger W. J. Alterskjær