Hi, we've been successfully running your TOMCAT package for years. Recently our security team said we are subject to a known vulnerability for Websockets, and looking at the Apache Tomcat page, it is fixed in latest version 9.0.37. I only see 8.5.0 on your website? I guess I dont know where to go and how to resolve this?
Any help/comments would be appreciated?
Thanks, Dave
TOMCAT 7.0.27
Re: TOMCAT 7.0.27
This was asked on IBM-MAIN as well, that maybe you could answer?
Dave,
I would encourage you to check whether websockets are enabled on the T:Z product. If not, nothing to worry about, and you can report the issue to your security team as mitigated.
Joe
Dave,
I would encourage you to check whether websockets are enabled on the T:Z product. If not, nothing to worry about, and you can report the issue to your security team as mitigated.
Joe
Re: TOMCAT 7.0.27
We've updated T:Z Quickstart for Tomcat to support the upstream version 9.0.37. You can download the new release here:
https://dovetail.com/downloads/tomcat/index.html
https://dovetail.com/downloads/tomcat/index.html
Re: TOMCAT 7.0.27
Wow! Thats great! Thank-you very much.
Re: TOMCAT 7.0.27
Just a quick followup, 9.0.37 installed and operational. Security team reran the vulnerability scan, and it came back clean. Thank-you very much for the newer port!
Dave
Dave