tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Caldarale, Charles R" <Chuck.Caldar...@unisys.com>
Subject RE: [SECURITY] CVE-2017-12617 Apache Tomcat Remote Code Execution via JSP upload
Date Wed, 04 Oct 2017 01:52:07 GMT
> From: Baron Fujimoto [mailto:baron@hawaii.edu] 
> Subject: Re: [SECURITY] CVE-2017-12617 Apache Tomcat Remote Code Execution
via JSP upload

> I haven't seen an announcement for 8.0.47, nor does the Apache Tomcat
> website seem to reference it yet, but it appears to be available in the
> distribution archive(s). E.g.:

> <http://archive.apache.org/dist/tomcat/tomcat-8/v8.0.47/bin/>

> Is this 8.0.47 blessed for use?

Pretty much - the voting process completed over the weekend (it passed), but
the announcement isn't made until the mirrors all catch up.  Should be fine
to use from the archive.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you received
this in error, please contact the sender and delete the e-mail and its
attachments from all computers.


Mime
View raw message