On Tue, Jan 31, 2023 at 4:34 PM Sean Hulbert <[email protected]> wrote: > > Hello, > > > > Are there any special requirements for Guacamole 1.4.0 to update Tomcat > 9.0.31 to Tomcat 10 or reasons not to do this? >
Yes, Tomcat 10 makes some servlet API changes that require code changes to Guacamole. It's documented, here: https://issues.apache.org/jira/browse/GUACAMOLE-1325 > To resolve the CVE below, and are there any procedural steps documented? WIthout looking at each individual CVE you mentioned, I would say that most, if not all, are probably also fixed in a version of Tomcat 9.0, which will still work with Guacamole. For example, CVE-2021-43980 only impacts 9.0.47 to 9.0.60, and is fixed in current 9.0 releases. I would venture a guess that many/most/all of the rest are the same. So, updating to the latest version of Tomcat 9.x should be a perfectly acceptable procedural step. -Nick --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
