
Apache Tomcat vulnerability on v9.0.71, can I upgrade to 9.0.86?latest

Posted: 29 Feb 2024, 15:12
by xiaoqi
Hello,

I set up our open source package almost one year ago on a remote server and it works smoothly, so I have kept all the configuration unchanged until now.

The Tomcat version was v9.0.71 when I did the initialization last year. Recently our company's server scan reported a vulnerability in this version as "Apache Tomcat information disclosure Vulnerability (CVE-2023-28708)", and it recommends upgrading to a new Tomcat version for remediation, at least to v9.0.72.

When checking the Tomcat website, the latest v9 version is v9.0.86, while for the vulnerability fix it looks like it is enough to just go to v9.0.72 (https://tomcat.apache.org/security-9.ht ... cat_9.0.72).

I remember we depend on Tomcat only in version 9. Before I do the server-side Tomcat upgrade, could you please advise whether I need to upgrade to any specific higher version? Or is it fine if I go directly to v9.0.86, and is it supported by the current Protege and other packages?

Looking forward to your quick help, since our security team needs this fixed urgently!

Thanks a lot,
Xiaoqi

Re: Apache Tomcat vulnerability on v9.0.71, can I upgrade to 9.0.86?latest

Posted: 29 Feb 2024, 15:41
by neil.walsh
Yes, you can upgrade to the latest v9.x Tomcat.

Re: Apache Tomcat vulnerability on v9.0.71, can I upgrade to 9.0.86?latest

Posted: 29 Feb 2024, 18:13
by xiaoqi
Thanks, Neil, for your very quick reply. Sure, I will proceed with the upgrade today.

Re: Apache Tomcat vulnerability on v9.0.71, can I upgrade to 9.0.86?latest

Posted: 06 Mar 2024, 14:27
by xiaoqi
Hello,

Just an update here: we've upgraded Tomcat to v9.0.86, and things (Viewer and its publishing) are running smoothly.

Regards,
Xiaoqi