TOMCAT 7.0.27

Issues and Questions related to running Apache Tomcat on z/OS
Post Reply
djousma
Posts: 16
Joined: Wed Nov 28, 2012 5:01 pm

TOMCAT 7.0.27

Post by djousma »

Hi, we've been successfully running your TOMCAT package for years. Recently our security team said we are subject to a known vulnerability for Websockets, and looking at the Apache Tomcat page, it is fixed in latest version 9.0.37. I only see 8.5.0 on your website? I guess I dont know where to go and how to resolve this?

Any help/comments would be appreciated?

Thanks, Dave
djousma
Posts: 16
Joined: Wed Nov 28, 2012 5:01 pm

Re: TOMCAT 7.0.27

Post by djousma »

This was asked on IBM-MAIN as well, that maybe you could answer?

Dave,

I would encourage you to check whether websockets are enabled on the T:Z product. If not, nothing to worry about, and you can report the issue to your security team as mitigated.

Joe
coz
Posts: 392
Joined: Fri Jul 30, 2004 5:29 pm

Re: TOMCAT 7.0.27

Post by coz »

We've updated T:Z Quickstart for Tomcat to support the upstream version 9.0.37. You can download the new release here:

https://dovetail.com/downloads/tomcat/index.html
djousma
Posts: 16
Joined: Wed Nov 28, 2012 5:01 pm

Re: TOMCAT 7.0.27

Post by djousma »

Wow! Thats great! Thank-you very much.
djousma
Posts: 16
Joined: Wed Nov 28, 2012 5:01 pm

Re: TOMCAT 7.0.27

Post by djousma »

Just a quick followup, 9.0.37 installed and operational. Security team reran the vulnerability scan, and it came back clean. Thank-you very much for the newer port!

Dave
Post Reply