A security scan on our server (Centos 6.5 running Lucee 4.5.1.022) tells me
that there is a medium risk associated with:
83526 - Apache Tomcat 7.0.x < 7.0.60 Multiple Vulnerabilities (FREAK)
The Tomcat version that is bundled with Lucee is 7.0.59 whereas the latest
version which patches these vulnerabilities is 7.0.60 or higher (latest
available is 7.0.62).
I have searched for issues related to updating just the Tomcat version
within Lucee but have found no information.
Can anyone outline whether they have updated Tomcat within Lucee and what
issues I might encounter please?
I think it best to avoid the risk identified with version 7.0.59