Dockerfile requests a vulnerable version of Apache Tomcat #4558

Closed
dkr91 opened this issue Mar 15, 2024 · 1 comment

dkr91 (Contributor) commented Mar 15, 2024

The Dockerfile uses Apache Tomcat version 10.1.16-jdk17.

```dockerfile
FROM tomcat:10.1.16-jdk17
```

This version is vulnerable to CVE-2024-23672 and CVE-2024-24549. A fix for these vulnerabilities is available in Apache Tomcat 10.1.19.

vladak added the docker label Mar 15, 2024

vladak (Member) commented Mar 15, 2024

Not sure the CVEs actually apply to our use case (being WebSocket and HTTP/2 related); however, upgrading Tomcat is usually a good thing to do anyway.

vladak self-assigned this Mar 15, 2024
vladak added a commit to vladak/OpenGrok that referenced this issue Mar 15, 2024
vladak closed this as completed in 4495e96 Mar 15, 2024
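
The kind of base-image pin reported in this issue can be caught in CI. The following is an added example, not code from the OpenGrok project: it scans a Dockerfile's `FROM` lines and compares any `tomcat` tag against the fixed release named above (10.1.19 for the 10.1.x line). The names `FIXED`, `classify` and `check_tomcat_base`, and the sample Dockerfile, are hypothetical and constructed for illustration.

```python
import re

# Fixed release named in the issue for the 10.1.x line. Other release lines
# are not covered by the page, so they are reported as "unknown".
FIXED = {(10, 1): (10, 1, 19)}

FROM_RE = re.compile(r"^\s*FROM\s+(?:--\S+\s+)*(?P<image>\S+)", re.IGNORECASE)
TAG_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-.*)?$")

# Constructed sample Dockerfile (not the project's real one).
SAMPLE = "\n".join([
    "FROM debian:stable AS build",
    "FROM tomcat:10.1.16-jdk17",
    "FROM --platform=linux/amd64 tomcat:10.1.19-jdk17 AS fixed",
    "FROM tomcat:10.1-jdk17",
    "FROM registry.example:5000/library/tomcat:9.0.1-jdk17",
])


def classify(tag, fixed=FIXED):
    """Map an image tag to ok / vulnerable / floating / unpinned / unknown."""
    if not tag or tag == "latest":
        return "unpinned"            # resolves to whatever is newest at build time
    m = TAG_RE.match(tag)
    if not m:
        return "unknown"
    major, minor, patch = m.groups()
    if patch is None:
        return "floating"            # e.g. 10.1-jdk17: patch level not pinned
    floor = fixed.get((int(major), int(minor)))
    if floor is None:
        return "unknown"             # no fixed version known for this line
    return "ok" if (int(major), int(minor), int(patch)) >= floor else "vulnerable"


def check_tomcat_base(dockerfile_text, fixed=FIXED):
    """Return (line_no, image, verdict) for every FROM line that uses tomcat."""
    findings = []
    for no, line in enumerate(dockerfile_text.splitlines(), 1):
        m = FROM_RE.match(line)
        if not m:
            continue
        image = m.group("image")
        # Drop digest and registry path; the version is judged from the tag only.
        repo = image.split("@", 1)[0].rsplit("/", 1)[-1]
        name, _, tag = repo.partition(":")
        if name == "tomcat":
            findings.append((no, image, classify(tag, fixed)))
    return findings
```

A CI job would fail the build on any `vulnerable` verdict and surface `floating`, `unpinned` and `unknown` for manual review, since those cannot be judged from the Dockerfile alone.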