[IPT] Update docker tomcat?

Roger W. J. Alterskjær roger.alterskjaer at ntnu.no
Thu Dec 22 12:43:45 UTC 2022


Our university IT-security guys have noticed that our docker container for gbif/ipt is running a vulnerable version of Tomcat: Apache Tomcat 8.5.x < 8.5.83 which is vulnerable to "Request Smuggling Vulnerability" (CVE-2022-42252). They say that Tomcat 8.5.84 is the latest version of 8.5.

I see that we’re using maven:3.8-jdk-8 with hasn’t been updated for five months…

-Roger A
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gbif.org/pipermail/ipt/attachments/20221222/6cab4083/attachment.html>


More information about the IPT mailing list