100% of the Containers and Helm charts bundling Tomcat have been released. New Tomcat versions containing the patch were released in all supported formats. We are still working on the pending ones. 86% of the VMs bundling Tomcat have been released. 100% of the VMs bundling Tomcat have been released.

Here you can find more info about this mitigation path. The main goal should still be to upgrade to a currently supported Spring Framework version. For older, unsupported versions of the Spring Framework, the Tomcat releases provide an adequate solution for the reported attack vector. While the vulnerability is not in Tomcat itself, Apache Tomcat has already released versions 10.0.20, 9.0.62, and 8.5.78, which close the attack vector on Tomcat's side. Otherwise, there are some suggested workarounds, and you can always contact the developers of your application to get other alternatives.

If you are able to upgrade to Spring Framework 5.3.18 or 5.2.20, no further action is needed. Spring Boot 2.6.6 and 2.5.12, which depend on Spring Framework 5.3.18, have been released.

Spring Framework 5.3.18 and 5.2.20, which contain the fixes, have been released. However, the nature of the vulnerability is more general, and there may be other ways to exploit it that have not been reported yet.
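The decision path described above (Spring Framework fix first, Tomcat fix as a fallback for older Spring branches, workaround otherwise) can be run over a version inventory. This is an added example, not code from the original page or from the Spring or Tomcat projects; the function names, status labels and sample inventory are constructed, and branches the page does not list are reported as such rather than guessed.

```python
import re

# Fixed releases per release branch, exactly as listed in the text above.
FIXED = {
    "spring-framework": {(5, 3): (5, 3, 18), (5, 2): (5, 2, 20)},
    "spring-boot": {(2, 6): (2, 6, 6), (2, 5): (2, 5, 12)},
    "tomcat": {(10, 0): (10, 0, 20), (9, 0): (9, 0, 62), (8, 5): (8, 5, 78)},
}

def parse_version(text):
    """Return (major, minor, patch) from '9.0.62' or '5.2.20.RELEASE'."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(part) for part in m.groups())

def component_status(name, version):
    """'fixed', 'unfixed', or 'unlisted-branch' when the page names no fix."""
    v = parse_version(version)
    fixed = FIXED[name].get(v[:2])
    if fixed is None:
        return "unlisted-branch"
    return "fixed" if v >= fixed else "unfixed"

def assess(deployment):
    """Apply the page's guidance to one deployment (dict of component -> version)."""
    spring = component_status("spring-framework", deployment["spring-framework"])
    tomcat = deployment.get("tomcat")
    if spring == "fixed":
        return "patched"            # nothing else to do
    if tomcat and component_status("tomcat", tomcat) == "fixed":
        return "tomcat-mitigated"   # reported vector closed; Spring upgrade still the goal
    return "action-required"        # upgrade or apply a suggested workaround

if __name__ == "__main__":
    # Constructed sample inventory, not taken from any real environment.
    inventory = {
        "billing": {"spring-framework": "5.3.17", "tomcat": "9.0.60"},
        "legacy-portal": {"spring-framework": "4.3.30.RELEASE", "tomcat": "8.5.78"},
        "api-gateway": {"spring-framework": "5.2.20.RELEASE", "tomcat": "9.0.58"},
    }
    for name, deployment in inventory.items():
        print(f"{name}: {assess(deployment)}")
```
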