Tip

Did you know you can subscribe to updates to security issues and release notes? Right-click and copy this link, then paste it into Outlook RSS Feeds or your feed reader of choice.

January 2, 2025

FLEXDEPLOY-13773 - The HTTPS agent also shows the same vulnerabilities as FlexDeploy had before FLEXDEPLOY-13712. Additionally, 2 other CVEs were addressed in this ticket. Updated Tomcat to 9.0.98, commons-compress to 1.26.0, and commons-configuration2 to 2.10.1 for CVE-2024-56337, CVE-2024-50379, CVE-2024-29131, and CVE-2024-29133.

December 17, 2024

FLEXDEPLOY-13712 - Apache Tomcat before 9.0.98 is affected by CVE-2024-54677 (Apache Tomcat - DoS in examples web application) and CVE-2024-50379 (Apache Tomcat - RCE via write-enabled default servlet). FlexDeploy does not ship the examples web application, so CVE-2024-54677 does not apply. FlexDeploy does not ship the default servlet, so CVE-2024-50379 does not apply. These CVEs were resolved in 8.0.0.9/9.0.0.1 so that vulnerability scanners no longer flag them.

...