Update Tomcat to a version >= 10.1.16 and >= 9.0.83 #3998

Closed
6 tasks done
tasso94 opened this issue Dec 6, 2023 · 3 comments
Labels: type:task (Issues that are a change to the project that is neither a feature nor a bug fix.), version:7.18.4, version:7.19.10, version:7.20.3, version:7.21.0-alpha3, version:7.21.0

Comments

tasso94 (Member) commented Dec 6, 2023

Acceptance Criteria (Required on creation)

  • Tomcat is updated in the Tomcat distribution and Camunda Run
  • Where possible, the Spring Boot starter patch level is raised to a version that includes these Tomcat versions

Hints

Links

Breakdown

camunda-bpm-platform PR

  1. bot:java-dependency-check ci:tomcat
    psavidis

camunda-bpm-rpa-bridge-ee PR


Dev2QA handover

  • Does this ticket need a QA test and the testing goals are not clear from the description? Add a Dev2QA handover comment
tasso94 added the type:task, version:7.21.0 and potential:7.20.3 labels Dec 6, 2023
psavidis added a commit that referenced this issue Jan 15, 2024
- Update tomcat version to 9.0.85

Related-to: #3998
psavidis (Contributor) commented Jan 15, 2024

  • Latest Spring Boot 3.2.1 support includes tomcat:10.1.17
    • 7.21 already includes it
    • 7.20 works with Spring Boot 3.2.0 which also includes tomcat:10.1.17

psavidis added a commit that referenced this issue Jan 17, 2024
- Update tomcat version to 9.0.85

Related-to: #3998
psavidis assigned yanavasileva and unassigned psavidis Jan 17, 2024
yanavasileva (Member) commented

@psavidis, I think we should also bump the spring boot version for rpa bridge with this ticket:
https://github.com/camunda/camunda-bpm-rpa-bridge-ee/blob/1.1/pom.xml#L20

psavidis added a commit that referenced this issue Jan 19, 2024
- Update tomcat version to 9.0.85

Related-to: #3998
psavidis (Contributor) commented Jan 22, 2024

Update

  • Reviewing the Tomcat update together with @yanavasileva, we found that, for the Tomcat vulnerability CVE-2022-42252, the affected versions are in the range [9.0.0 - 9.0.68) according to the respective NVD source.

  • The above means that this Tomcat update is not required to be unaffected by the vulnerability.

  • Since the work has been done, this ticket can continue normally regardless.

psavidis added a commit that referenced this issue Mar 4, 2024
- Update tomcat version to 9.0.85

Related-to: #3998