Closed fabfried closed 7 months ago
The Dockerfile uses Apache Tomcat version 10.1.13-jdk17. https://github.com/oracle/opengrok/blob/21414eb06d6b556c5d70b794fd80d4b0325c8a51/Dockerfile#L44 This version is vulnerable to CVE-2023-46589. A fix for this vulnerability is available in Apache Tomcat 10.1.16.
Thanks for the report, will fix this shortly.
The Dockerfile uses Apache Tomcat version 10.1.13-jdk17. https://github.com/oracle/opengrok/blob/21414eb06d6b556c5d70b794fd80d4b0325c8a51/Dockerfile#L44 This version is vulnerable to CVE-2023-46589. A fix for this vulnerability is available in Apache Tomcat 10.1.16.