On 30 August 2024 16:20:24 CEST, Mark Thomas <ma...@apache.org> wrote:
>On 30/08/2024 15:15, Kenan, John wrote:
>> Apache Tomcat Security Team:
Hi,
>> Please advise when an update to Apache Tomcat will be released that
>> addresses the following Curl and libcurl security vulnerabilities:
>
>What makes you think Tomcat has a dependency on Curl and/or libcurl?
This kind of checkbox security is also implemented at my employer.
I assume a similar procedure is implemented here, and probably does involve a
static code scanner of Docker images and probably somehow disallows the deployment
of images containing "critical" and/or "high" CVE findings...
@John: What Docker image are you talking about? As far as I know, the Apache
Foundation doesn't offer an official Docker image.
>
>Mark
>
>
>>
>> Critical:
>> CVE-2023-38545
>>
>> High:
>> CVE-2024-7264
>>
>> Medium:
>> CVE-2023-46218
>> CVE-2023-46219
>> CVE-2024-0853
>>
>> Low:
>> CVE-2023-38546
>>
>> Thank you,
>>
>> John P. Kenan
>> DevSecOps Engineer
>> US Environmental Protection Agency
>>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>For additional commands, e-mail: users-h...@tomcat.apache.org
>
--
This message was sent from my Android device with K-9 Mail.