Hi Wyatt,

The embedded Tomcat instance is used to preview generated Javadoc and similar use cases. Since it isn't facing the web, the typical CVEs often don't apply there. Are you worried about something in particular?

The embedded instance is a regular NetBeans dependency which can't be updated in a supported way once NB is built. But updating lib wrapper modules is often fairly easy: https://github.com/apache/netbeans/pull/7919/files

What does your scanner say about this build?
https://github.com/apache/netbeans/actions/runs/11561261789/artifacts/2114223969 (7 days expiration, requires GitHub account to download)

best regards,
michael


On 28.10.24 18:56, Tellis, Wyatt wrote:

Hi,

I’m using NB23 and our security scanners have flagged it for running Tomcat 9.0.71, which contains numerous vulnerabilities: https://tomcat.apache.org/security-9.html

Is there a way to update the embedded version of Tomcat?

Thanks,

Wyatt


