[Bug 1915911] Re: Tomcat9 package is old version with many security issues
Paulo Flabiano Smorigo
1915911 at bugs.launchpad.net
Thu Mar 31 13:22:26 UTC 2022
Hello Evren, hmm I just published both bionic (9.0.16-3ubuntu0.18.04.2)
and focal (9.0.31-1ubuntu0.2). I finished some tests yesterday. For
bionic I had to do some changes and add an extra commit to support one
of the fixes.
** Changed in: tomcat9 (Ubuntu)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1915911
Title:
Tomcat9 package is old version with many security issues
Status in tomcat9 package in Ubuntu:
Fix Released
Bug description:
Tomcat9 package is based on 9.0.16 on bionic and 9.0.31 on focal.
Several "Important" security vulnerabilities have been found since those versions:
https://tomcat.apache.org/security-9.html
```
Important
A vulnerability rated as Important impact is one which could result in the compromise of data or availability of the server. For Tomcat this includes issues that allow an easy remote denial of service (something that is out of proportion to the attack or with a lasting consequence), access to arbitrary files outside of the context root, or access to files that should be otherwise prevented by limits or authentication.
```
These packages should be updated to use at least Tomcat 9.0.40. Can
you please provide the update?
Thanks!
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/tomcat9/+bug/1915911/+subscriptions