
Upgrade the bundled version of Apache Tomcat to 8.5.57

Description

h3. Issue Summary

The recently disclosed vulnerability regarding Apache Tomcat
* [CVE-2020-13934|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13934]

affects the following versions:
Apache Tomcat 8.x from 8.5.1 to 8.5.56
Apache Tomcat 9.x from 9.0.0.M5 to 9.0.36
Apache Tomcat 10.x from 10.0.0-M1 to 10.0.0-M6

Additionally, the following disclosed vulnerability regarding Tomcat:
* [CVE-2020-13935|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13935]

affects the following versions:
Apache Tomcat 7.x from 7.0.27 to 7.0.104
Apache Tomcat 8.x from 8.5.1 to 8.5.56
Apache Tomcat 9.x from 9.0.0.M5 to 9.0.36
Apache Tomcat 10.x from 10.0.0-M1 to 10.0.0-M6

We should bundle a more recent version of Tomcat so that Jira is not affected by this in the future.

h3. Steps to Reproduce
* Check the CVE reports:
** [CVE-2020-13934|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13934]
** [CVE-2020-13935|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13935]

h3. Expected Results
* Not applicable.

h3. Actual Results
* Not applicable.

h3. Workaround
* Manually upgrade Tomcat according to our [documentation|https://confluence.atlassian.com/jirakb/how-to-upgrade-apache-tomcat-version-used-by-jira-879957866.html].


Affected Software


||CPE Name||Name||Version||
| |jira server and data center|8.13.0-EAP|
| |jira server and data center|8.5.8|
| |jira server and data center|8.11.0|
| |jira server and data center|8.14.1|
| |jira server and data center|8.13.0|
| |jira server and data center|8.12.0|
| |jira server and data center|8.12.1|
| |jira server and data center|8.14.0|
| |jira server and data center|8.5.9|
