I've been asked by the security team to update Jira to remediate a security issue with our on-prem install of Jira Software:
CVE-2019-12418 Apache Tomcat 8.5.0 < 8.5.49 Privilege Escalation (132413)
We are running the Long Term Support/Enterprise version 8.5.4 which runs Apache 8.5.42, and is affected by this issue.
I found this issue on the roadmap here: https://jira.atlassian.com/browse/JRASERVER-71321
and it appears that the plan is to only provide a fix in newer (non-enterprise) versions of Jira (8.12+). If I'm missing something, please let me know.
I'm trying to understand why the Long Term Support version isn't being long term supported with regard to this issue.
Any help would be appreciated.
Hi @M. Scott Vintinner,
I was reading the documentation on long term support releases and I understand the expectation to address this security issue. I'm not sure if when the documentation refers to bug fixes, it also includes this issue with Apache Tomcat (maybe they refer to bugs in Atlassian products), but it's worth asking Atlassian Support: https://support.atlassian.com/contact/#/
You can also comment on the ticket (https://jira.atlassian.com/browse/JRASERVER-71321), but I'd contact Support anyway. There are members from the Atlassian Team in this forum; they may also comment here.