All,

You may have already come across this, but Apache Tomcat has had a major RCE (Remote Code Execution) vulnerability (CVE-2025-24813) announced within the last week, and exploits are already occurring.

While not all installations of Tomcat may be impacted, it is important for all DSpace sites (which often use Tomcat) to review the vulnerability information and/or consider an immediate upgrade to your Tomcat installation.

Vulnerable versions of Tomcat include 9.0.0.M1 to 9.0.98, 10.1.0-M1 to 10.1.34, and 11.0.0-M1 to 11.0.2. You are NOT impacted if you are already running Tomcat 9.0.99, 10.1.35 or 11.0.3 (or any later Tomcat release).

For more information see these resources:

https://thehackernews.com/2025/03/apache-tomcat-vulnerability-comes-under.html
https://lists.apache.org/thread/j5fkjv2k477os90nczf2v9l61fb0kkgq
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24813

Tim
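
Added example (not part of the original message, and not DSpace or Tomcat project code): a Python check that classifies a Tomcat version string against the ranges listed in the message above, including the milestone (`M1`) builds. The function names and the sample banner are constructed for illustration; the assumed input is the `Server version: Apache Tomcat/x.y.z` line printed by Tomcat's `bin/version.sh`.

```python
import re

# Affected ranges (inclusive) exactly as listed in the message above.
AFFECTED_RANGES = [
    ("9.0.0.M1", "9.0.98"),
    ("10.1.0-M1", "10.1.34"),
    ("11.0.0-M1", "11.0.2"),
]

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[.-]M(\d+))?$")


def parse_version(text):
    """Return a sortable key; milestone builds (M1, M2, ...) sort before the final x.y.z."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised Tomcat version: {text!r}")
    major, minor, patch = (int(g) for g in match.groups()[:3])
    milestone = match.group(4)
    if milestone is not None:
        return (major, minor, patch, 0, int(milestone))
    return (major, minor, patch, 1, 0)


def version_from_banner(output):
    """Pull the version out of a 'Server version: Apache Tomcat/x.y.z' line."""
    match = re.search(r"Apache Tomcat/(\S+)", output)
    if not match:
        raise ValueError("no 'Apache Tomcat/<version>' string found")
    return match.group(1)


def classify(version):
    """Return 'affected-range', 'fixed' or 'not-listed' for a version string."""
    key = parse_version(version)
    for low, high in AFFECTED_RANGES:
        low_key, high_key = parse_version(low), parse_version(high)
        if low_key <= key <= high_key:
            return "affected-range"
        if key[:2] == high_key[:2] and key > high_key:
            return "fixed"  # same branch, newer than the last affected release
    return "not-listed"  # branch not named in the message; check the Apache advisory


# Constructed sample of bin/version.sh output (not taken from a real host).
SAMPLE_BANNER = "Server version: Apache Tomcat/9.0.98\nServer number:  9.0.98.0\n"

if __name__ == "__main__":
    found = version_from_banner(SAMPLE_BANNER)
    print(found, classify(found))
```

A result of `affected-range` means only that the version falls inside the listed ranges; as the message notes, not every installation in those ranges is impacted.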