Tomcat version #100

@gsainsbury86

Hi, I've been using the opensilex-docker-compose repo to spin up and run our PHIS instance but it has come up in a scan of Tomcat vulnerabilities: [https://nvd.nist.gov/vuln/detail/CVE-2022-42252](https://nvd.nist.gov/vuln/detail/CVE-2022-42252)

I had a similar issue with the RDF4J container but resolved that with a one-liner change to the Dockerfile to use a different Tomcat tag (`FROM tomcat:8-jre11 AS wb` instead of `FROM tomcat:8.5-jre11-temurin AS wb`).

I tried the same thing with the Dockerfile for opensilex but noticed that the tomcat version is specified in the Maven pom.xml (as below). In order to update it, I would have to build the entire opensilex application from source, after making the POM change, and then use that built release for the opensilex container.

```xml
<tomcat.version>9.0.39</tomcat.version>
```
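Added example, not part of the original issue and not the project's own code: since the Tomcat version is pinned by the `tomcat.version` property in pom.xml rather than by the Docker base image tag, a build step can read that property and compare it with the fixed release for its release line. The sample pom, the `FIXED_IN` values and the function names are constructed assumptions; take the real thresholds from the advisory and run this only on a pom.xml from your own source tree.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample pom.xml carrying the property quoted in the issue.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <properties>
    <tomcat.version>9.0.39</tomcat.version>
  </properties>
</project>"""

# Placeholder thresholds (constructed, NOT taken from the advisory): replace each
# value with the first fixed release the advisory lists for that release line.
FIXED_IN = {"9.0": "9.0.999"}

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the '{namespace}' prefix ElementTree adds

def pom_property(pom_text, name):
    """Return the value of a top-level <properties> entry, or None if absent."""
    root = ET.fromstring(pom_text)
    for section in root:
        if local(section.tag) == "properties":
            for prop in section:
                if local(prop.tag) == name:
                    return (prop.text or "").strip()
    return None

def version_key(version):
    """Sortable key for Tomcat versions; milestones (-M1) sort before the release."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-M(\d+))?", version)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    major, minor, patch, milestone = m.groups()
    return (int(major), int(minor), int(patch),
            int(milestone) if milestone else float("inf"))

def check_pom_tomcat(pom_text, fixed_in=FIXED_IN):
    """Return (version, verdict); verdict is not-pinned, unknown-line, outdated or ok."""
    version = pom_property(pom_text, "tomcat.version")
    if version is None:
        return (None, "not-pinned")
    line = ".".join(version.split(".")[:2])
    if line not in fixed_in:
        return (version, "unknown-line")
    outdated = version_key(version) < version_key(fixed_in[line])
    return (version, "outdated" if outdated else "ok")
```

A verdict of `unknown-line` means no threshold was supplied for that release line, so the result should be treated as unchecked rather than as safe.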
