  1. SonarQube
  2. SONAR-13164

Upgrade Tomcat to 8.5.51


    Details

    • Type: Task
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 8.2
    • Fix Version/s: 8.3
    • Component/s: Web
    • Labels:
      None
    • Edition:
      Community
    • Production Notes:
      None

      Description

      With the recent publication of CVE-2020-1938: Ghostcat, some users asked us if we are exposed to the File Read/Inclusion vulnerability. SonarQube is not vulnerable because the AJP protocol is explicitly not enabled. Still, we want to upgrade Tomcat to the latest minor patch possible to remove any doubt one can have, and to stop this CVE from showing up on security reports.


              People

              Assignee:
              pierre.guillot Pierre Guillot
              Reporter:
              pierre.guillot Pierre Guillot
