...
FLEXDEPLOY-13773 - The HTTPS Agent shows the same vulnerabilities that FlexDeploy had before FLEXDEPLOY-13712. Two other CVEs were also addressed in this ticket. Updated Tomcat to 9.0.98, commons-compress to 1.26.0, and commons-configuration2 to 2.10.1 for CVE-2024-56337, CVE-2024-50379, CVE-2024-29131, and CVE-2024-29133. Resolved in HTTPS Agent versions 8.0.0.10 and 9.0.0.2.
December 17, 2024
FLEXDEPLOY-13712 - Apache Tomcat before 9.0.98 is affected by CVE-2024-54677 (Apache Tomcat - DoS in examples web application) and CVE-2024-50379 (Apache Tomcat - RCE via write-enabled default servlet). FlexDeploy does not ship the examples web application, so CVE-2024-54677 does not apply. FlexDeploy does not ship the default servlet, so CVE-2024-50379 does not apply. These CVEs were resolved for vulnerability scanners in 8.0.0.9/9.0.0.1.
...