Closed dkr91 closed 3 months ago
The Dockerfile uses Apache Tomcat version 10.1.16-jdk17.
https://github.com/oracle/opengrok/blob/0f4d205de0c418a9b527b699ec8080f9fd114a19/Dockerfile#L44
This version is vulnerable to CVE-2024-23672 and CVE-2024-24549. A fix for this vulnerability is available in Apache Tomcat 10.1.19.
Not sure the CVEs actually apply for our use case (being WebSocket and HTTP/2 related), however upgrading Tomcat is usually good thing to do anyway.
The Dockerfile uses Apache Tomcat version 10.1.16-jdk17.
https://github.com/oracle/opengrok/blob/0f4d205de0c418a9b527b699ec8080f9fd114a19/Dockerfile#L44
This version is vulnerable to CVE-2024-23672 and CVE-2024-24549. A fix for this vulnerability is available in Apache Tomcat 10.1.19.