[IPT] Update docker tomcat?
Roger W. J. Alterskjær
roger.alterskjaer at ntnu.no
Thu Dec 22 12:43:45 UTC 2022
Our university IT-security guys have noticed that our docker container for gbif/ipt is running a vulnerable version of Tomcat: Apache Tomcat 8.5.x < 8.5.83 which is vulnerable to "Request Smuggling Vulnerability" (CVE-2022-42252). They say that Tomcat 8.5.84 is the latest version of 8.5.
I see that we’re using maven:3.8-jdk-8 with hasn’t been updated for five months…
-Roger A
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gbif.org/pipermail/ipt/attachments/20221222/6cab4083/attachment.html>
More information about the IPT
mailing list