Hi all,
Anyone know what to do about the serious CVS-exploit of Tomcat? Pertaining to all issues of Tomcat, also those installed with Lucee?
https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.98
If you are talking about this:
https://www.cve.org/CVERecord?id=CVE-2024-56337
It effets all versions of tomcat, and it appears the binaries and source have not been released as of this morning to address the issue with tomcat.
Once down, you can upgrade tomcat and then install Lucee as a war, or await for the patch service to delivery an upated binary