  1. Nuxeo Platform
  2. NXP-19726

Upgrade to Tomcat 7.0.81

    Details

    • Upgrade notes:
      Tomcat 7.0.81 behaves slightly differently when parsing URLs that contain multiple consecutive slashes: they are no longer normalized to a single slash. This may affect REST APIs, which will now consider such a path incorrect, and clients that send non-normalized paths would need to be fixed.
    • Sprint:
      nxfit 8.4.7, nxcore 9.3.6
    • Story Points:
      2

      Description

      Upgrade to Tomcat 7.0.81 to protect against a potential CSRF token leak in the default manager applications distributed with Tomcat (http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.68) and the Windows remote code execution issue (http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.81).

      Note that the CSRF issue has nothing to do with CSRF in Nuxeo itself. As a workaround, simply delete $NUXEO/webapps/manager and $NUXEO/webapps/host-manager.
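
A client-side fix for the consecutive-slash change described in the upgrade notes, as an added example that is not Nuxeo or Tomcat code: it collapses slash runs in the path only and flags request URLs that relied on the old server-side normalization. The function names, the host and the sample paths are assumptions constructed for illustration.

```python
# Added example: client-side path normalization (not Nuxeo or Tomcat code).
import re
from urllib.parse import urlsplit, urlunsplit

_SLASH_RUN = re.compile(r"/{2,}")


def collapse_slashes(url: str) -> str:
    """Collapse runs of '/' in the path component only.

    The '//' after the scheme, the query string and the fragment are left
    untouched, since slashes there can be significant data.
    """
    parts = urlsplit(url)
    path = _SLASH_RUN.sub("/", parts.path)
    return urlunsplit((parts.scheme, parts.netloc, path, parts.query, parts.fragment))


def build_url(base: str, *segments: str) -> str:
    """Join a base URL and path segments without producing '//'."""
    cleaned = [s.strip("/") for s in segments if s.strip("/")]
    return collapse_slashes(base.rstrip("/") + "/" + "/".join(cleaned))


def find_affected(urls):
    """Return the URLs whose path contains a run of slashes, i.e. requests
    that depended on the server collapsing them."""
    return [u for u in urls if _SLASH_RUN.search(urlsplit(u).path)]


# Constructed sample requests; host and paths are placeholders.
SAMPLE = [
    "http://nuxeo.example/nuxeo/api/v1//path/default-domain",
    "http://nuxeo.example/nuxeo/api/v1/path/default-domain",
    "http://nuxeo.example/nuxeo///site/x?redirect=http://a.example//b",
]

if __name__ == "__main__":
    for u in find_affected(SAMPLE):
        print(u, "->", collapse_slashes(u))
```

Running `find_affected` over request URLs taken from client logs before the upgrade shows which callers need the fix.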
