Upgrade bundled Tomcat due to security vulnerabilities

2013-05-21T04:29:40
ID ATLASSIAN:BSERV-3475
Type atlassian
Reporter ganand
Modified 2013-09-15T23:05:13

Description

There are some Tomcat security vulnerabilities reported against the bundled version 7.0.32: [CVE-2013-2067|http://mail-archives.apache.org/mod_mbox/www-announce/201305.mbox/%3C518CB1D4.1020106@apache.org%3E] [CVE-2013-2071|http://mail-archives.apache.org/mod_mbox/tomcat-announce/201305.mbox/%3C518CB1CC.6070909@apache.org%3E] [CVE-2012-3544|http://mail-archives.apache.org/mod_mbox/tomcat-announce/201305.mbox/%3C518CB1D9.6020808@apache.org%3E] - Not reported for Tomcat 7.0.32

Stash should be bundled with the latest Tomcat version 7.0.40 to ensure it contains a fix for the above security vulnerabilities.