Hi, we've been successfully running your TOMCAT package for years. Recently our security team said we are subject to a known vulnerability for Websockets, and looking at the Apache Tomcat page, it is fixed in latest version 9.0.37. I only see 8.5.0 on your website? I guess I dont know where to go and how to resolve this?

Any help/comments would be appreciated?

Thanks, Dave

This was asked on IBM-MAIN as well, that maybe you could answer?

Dave,

I would encourage you to check whether websockets are enabled on the T:Z product. If not, nothing to worry about, and you can report the issue to your security team as mitigated.

Joe

We've updated T:Z Quickstart for Tomcat to support the upstream version 9.0.37. You can download the new release here:

https://dovetail.com/downloads/tomcat/index.html

Wow! Thats great! Thank-you very much.

Just a quick followup, 9.0.37 installed and operational. Security team reran the vulnerability scan, and it came back clean. Thank-you very much for the newer port!

Dave