Jaspersoft: Vulnerabilities found on Apache Tomcat 8.5.30

book

Article ID: 142811

calendar_today

Updated On:

Products

Clarity PPM On Premise

Issue/Introduction

The Apache Tomcat version 8.5.30 used with Jaspersoft has the following security vulnerabilities. Is there any ETA on when we can upgrade to the latest version of the Apache Tomcat?

CVE-2018-8034, CVE-2018-8037, CVE-2018-1336, CVE-2019-10072, CVE-2019-0199, CVE-2018-11784, CVE-2019-0232, CVE-2019-0221

Environment

Release : 15.7

Component : CA PPM INTEGRATIONS & INSTALLATIONS

Resolution

Tibco has recommended to upgrade Tomcat. However, per the PPM documentation, Apache Tomcat version 8.5.30 is the recommended version and any later versions (other than 8.5.31) have not been tested.