Upgrade to Tomcat 8.5.32 necessary

2018-08-01T09:33:53
ID ATLASSIAN:JRASERVER-67695
Type atlassian
Reporter michael.gembalski
Modified 2019-04-29T03:26:27

Description

There are new vulnerabilities reported by apache: * [http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722090435.GA60759%40minotaur.apache.org%3E] * [http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722090623.GA92700%40minotaur.apache.org%3E]

It is recommended to update tomcat at least to version 8.5.32.

Workaround

# Update Tomcat to 8.5.32 following this guide: [https://confluence.atlassian.com/jirakb/how-to-upgrade-apache-tomcat-version-in-jira-7-x-879957866.html] # Add relaxedChars property to your server.xml as in here [https://confluence.atlassian.com/display/JIRAKB/Changing+server.xml+to+handle+requests+with+special+characters]