TOMCAT 7.0.27

Issues and Questions related to running Apache Tomcat on z/OS
Post Reply
djousma
Posts: 15
Joined: Wed Nov 28, 2012 5:01 pm

TOMCAT 7.0.27

Post by djousma » Fri Aug 28, 2020 8:22 am

Hi, we've been successfully running your TOMCAT package for years. Recently our security team said we are subject to a known vulnerability for Websockets, and looking at the Apache Tomcat page, it is fixed in latest version 9.0.37. I only see 8.5.0 on your website? I guess I dont know where to go and how to resolve this?

Any help/comments would be appreciated?

Thanks, Dave

djousma
Posts: 15
Joined: Wed Nov 28, 2012 5:01 pm

Re: TOMCAT 7.0.27

Post by djousma » Tue Sep 01, 2020 8:15 am

This was asked on IBM-MAIN as well, that maybe you could answer?

Dave,

I would encourage you to check whether websockets are enabled on the T:Z product. If not, nothing to worry about, and you can report the issue to your security team as mitigated.

Joe

SteveGoetze
Posts: 382
Joined: Fri Jul 30, 2004 5:29 pm

Re: TOMCAT 7.0.27

Post by SteveGoetze » Tue Sep 01, 2020 10:00 am

We've updated T:Z Quickstart for Tomcat to support the upstream version 9.0.37. You can download the new release here:

https://dovetail.com/downloads/tomcat/index.html

djousma
Posts: 15
Joined: Wed Nov 28, 2012 5:01 pm

Re: TOMCAT 7.0.27

Post by djousma » Tue Sep 01, 2020 10:13 am

Wow! Thats great! Thank-you very much.

djousma
Posts: 15
Joined: Wed Nov 28, 2012 5:01 pm

Re: TOMCAT 7.0.27

Post by djousma » Wed Sep 02, 2020 12:07 pm

Just a quick followup, 9.0.37 installed and operational. Security team reran the vulnerability scan, and it came back clean. Thank-you very much for the newer port!

Dave

Post Reply