Tomcat version in Crowd 4.2.2?

We've been made aware of a security vulnerability in Tomcat v8.5.50, which Crowd v4.2.0 (that we're currently using) comes with. Has Tomcat been upgraded if we upgrade Crowd to v4.2.2?

3 answers

1 accepted

0 votes

Answer accepted

Hi @abbeycode ,

Based on release note unfortunately, not yet

https://confluence.atlassian.com/crowd/crowd-4-2-release-notes-1019381976.html

Please, share the CVE- and I hope Atlassian security team will check the risks.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

0 votes

You can use this trick

https://confluence.atlassian.com/jirakb/how-to-upgrade-apache-tomcat-version-used-by-jira-879957866.html

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

0 votes

I submitted support tickets to Atlassian for Crowd (with two CVEs) and Jira and Bamboo, with one CVE that wasn't patched until Tomcat v8.5.60.

Patched in v8.5.56: CVE-2020-11996

Patched in v8.5.60: CVE-2021-24122

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Forums

Product Q&A

Community resources

Support

Top groups

Community resources

Support

Learn

Community resources

Support

Events

Community resources

Support

Tomcat version in Crowd 4.2.2?

3 answers

1 accepted

Suggest an answer

Was this helpful?

Thanks!

TAGS

Atlassian Community Events

Forums

Product Q&A

Community resources

Support

Top groups

Community resources

Support

Learn

Community resources

Support

Events

Community resources

Support

Tomcat version in Crowd 4.2.2?

3 answers

1 accepted

Suggest an answer

Was this helpful?

Thanks!

TAGS

Atlassian Community Events

Welcome to the new Atlassian Community