oracle / opengrok

OpenGrok is a fast and usable source code search and cross reference engine, written in Java
http://oracle.github.io/opengrok/

Dockerfile requests a vulnerable version of Apache Tomcat #4492

Closed fabfried closed 7 months ago

fabfried commented 7 months ago

The Dockerfile uses Apache Tomcat version 10.1.13-jdk17. https://github.com/oracle/opengrok/blob/21414eb06d6b556c5d70b794fd80d4b0325c8a51/Dockerfile#L44 This version is vulnerable to CVE-2023-46589. A fix for this vulnerability is available in Apache Tomcat 10.1.16.
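
A maintainer-side check for the condition reported above, added here as an example and not part of the issue or of OpenGrok's own code: it parses the FROM line of a Dockerfile, extracts the Tomcat tag and compares it with the 10.1.16 fix version named in the report. The Dockerfile content is a constructed sample, not the project's file.

```python
"""Check a Dockerfile's Tomcat base image against the fixed version named in the issue."""
import re
from typing import Optional, Tuple

# Fix version from the report: Tomcat 10.1.16. Only the 10.1.x line is judged here;
# other Tomcat branches are out of scope for this check.
FIXED_TOMCAT = (10, 1, 16)

# Constructed sample content (not the project's Dockerfile, which is linked in the issue).
SAMPLE_DOCKERFILE = """\
# constructed sample
FROM tomcat:10.1.13-jdk17
COPY dist/source.war /usr/local/tomcat/webapps/
"""

_FROM_RE = re.compile(r"^\s*FROM\s+(?:--platform=\S+\s+)?(\S+)", re.IGNORECASE | re.MULTILINE)
_TAG_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def tomcat_version(dockerfile: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) of the first tomcat:<tag> FROM line, or None."""
    for m in _FROM_RE.finditer(dockerfile):
        image = m.group(1)
        # split on the last colon so a registry port (host:5000/tomcat) is not taken for a tag
        name, sep, tag = image.rpartition(":")
        if not sep or "/" in tag:
            continue  # untagged image, or the colon belonged to the registry
        if name.split("/")[-1] != "tomcat":
            continue  # not the official tomcat image (with or without a namespace prefix)
        v = _TAG_RE.match(tag)
        if v:
            return tuple(int(x) for x in v.groups())
    return None


def is_vulnerable(dockerfile: str) -> bool:
    """True if the image is a 10.1.x Tomcat tag older than the 10.1.16 fix."""
    v = tomcat_version(dockerfile)
    return v is not None and v[:2] == FIXED_TOMCAT[:2] and v < FIXED_TOMCAT


if __name__ == "__main__":
    print(tomcat_version(SAMPLE_DOCKERFILE), "vulnerable" if is_vulnerable(SAMPLE_DOCKERFILE) else "ok")
```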

vladak commented 7 months ago

Thanks for the report, will fix this shortly.