Community
Products
Jira
Questions
CVE-2019-12418 unpatched on 8.5 long term support after many months?

CVE-2019-12418 unpatched on 8.5 long term support after many months?

I've been asked by the security team to update Jira to remediate a security issue with our on-prem install of Jira Software:

CVE-2019-12418 Apache Tomcat 8.5.0 < 8.5.49 Privilege Escalation (132413)

We are running the Long Term Support/Enterprise version 8.5.4 which runs Apache 8.5.42, and is affected by this issue.

I found this issue on the roadmap here: https://jira.atlassian.com/browse/JRASERVER-71321

and it appears that the plan is to only provide a fix in newer (non-enterprise) versions of Jira (8.12+). If I'm missing something, please let me know.

I'm trying to understand why the Long Term Support version isn't being long term supported with regard to this issue.

Any help would be appreciated

1 answer

0 votes

Hi @M. Scott Vintinner ,

I was reading the documentation on long term support releases and I understand the expectation to address this security issue. I'm not sure if when the documentation refers to bug fixes, it also includes this issue with Apache Tomcat (maybe they refer to bugs in Atlassian products), but it's worth asking Atlassian Support: https://support.atlassian.com/contact/#/

You can also comment on the ticket (https://jira.atlassian.com/browse/JRASERVER-71321), but I'd contact Support anyway. There are members from the Atlassian Team in this forum, they may also comment here.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Forums

Product Q&A

Community resources

Support

Top groups

Community resources

Support

Learn

Community resources

Support

Events

Community resources

Support

CVE-2019-12418 unpatched on 8.5 long term support after many months?

1 answer

Suggest an answer

Was this helpful?

Thanks!

DEPLOYMENT TYPE

VERSION

TAGS

Community showcase

Atlassian Community Events