Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-19726

Upgrade to Tomcat 7.0.81

    XMLWordPrintable

    Details

    • Tags:
    • Upgrade notes:
      Hide

      Tomcat 7.0.81 has a slightly different behavior when parsing URLs containing multiple consecutive slashes, they are not normalized anymore to a single slash. This may have an impact on REST APIs that will now consider the path as incorrect, and would require fixes in the clients if they send such non-normalized paths.

      Show
      Tomcat 7.0.81 has a slightly different behavior when parsing URLs containing multiple consecutive slashes, they are not normalized anymore to a single slash. This may have an impact on REST APIs that will now consider the path as incorrect, and would require fixes in the clients if they send such non-normalized paths.
    • Sprint:
      nxfit 8.4.7, nxcore 9.3.6
    • Story Points:
      2

      Description

      Upgrade to Tomcat 7.0.81 to protect against a potential CSRF token leak in the default manager applications distributed with Tomcat (http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.68) and the Windows remote code execution issue (http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.81).

      For the CSRF, note that this has nothing to do with CSRF in Nuxeo itself. As a workaround, simply delete $NUXEO/webapps/manager and $NUXEO/webapps/host-manager.

        Attachments

          Issue Links

          depends on

          Bug - A problem which impairs or prevents the functions of the product. NXPY-22 Sanitize relative URLs

          • Blocker - Blocks development and/or testing work, production could not run.
          • Resolved

          Task - A task that needs to be done. NXP-17801 Upgrade to Tomcat 7.0.64

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved
          is related to

          Bug - A problem which impairs or prevents the functions of the product. NXP-20720 Upgrade to Tomcat 7.0.69

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved
          is required by

          Task - A task that needs to be done. NXP-23139 Backport upgrade of Tomcat 7.0.81 to 8.10 HF

          • Critical - Crashes, loss of data, severe memory leak.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. NXP-20370 Upgrade to Tomcat 8.5.23

          • Major - Major loss of function.
          • Resolved

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                7 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - 0 minutes
                  0m
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 2 hours
                  2h