Re: [thredds] [SECURITY] CVE-2021-42340 Apache Tomcat DoS

  • To: THREDDS community <thredds@xxxxxxxxxxxxxxxx>
  • Subject: Re: [thredds] [SECURITY] CVE-2021-42340 Apache Tomcat DoS
  • From: Jennifer Oxelson Ganter <oxelson@xxxxxxxx>
  • Date: Fri, 15 Oct 2021 14:05:41 -0600
Hello all,

Please upgrade your tomcat servers to the latest releases available:
http://tomcat.apache.org/


On Thu, Oct 14, 2021 at 8:19 AM Mark Thomas <markt@xxxxxxxxxx> wrote:

> CVE-2021-42340 Denial of Service
>
> Severity: Important
>
> Vendor: The Apache Software Foundation
>
> Versions Affected:
> Apache Tomcat 10.1.0-M1 to 10.1.0-M5
> Apache Tomcat 10.0.0-M10 to 10.0.11
> Apache Tomcat 9.0.40 to 9.0.53
> Apache Tomcat 8.5.60 to 8.5.71
>
> Description:
> The fix for bug 63362 introduced a memory leak. The object introduced to
> collect metrics for HTTP upgrade connections was not released for
> WebSocket connections once the WebSocket connection was closed. This
> created a memory leak that, over time, could lead to a denial of service
> via an OutOfMemoryError.
>
> Mitigation:
> Users of the affected versions should apply one of the following
> mitigations:
> - Upgrade to Apache Tomcat 10.1.0-M6 or later
> - Upgrade to Apache Tomcat 10.0.12 or later
> - Upgrade to Apache Tomcat 9.0.54 or later
> - Upgrade to Apache Tomcat 8.5.72 or later
>
> History:
> 2021-10-14 Original advisory
> 2021-10-14 Correct CVE reference in body of advisory
>
> References:
> [1] https://tomcat.apache.org/security-10.html
> [2] https://tomcat.apache.org/security-9.html
> [3] https://tomcat.apache.org/security-8.html
>
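A quick way to act on the advisory above is to compare the Tomcat version actually deployed under a THREDDS server against the affected ranges it lists and read off the release to upgrade to. The script below is an added example, not part of the advisory or of the Unidata post; the ranges and fixed releases are copied from the advisory text, while the parsing rule for milestone tags (a `-M<n>` pre-release sorts before the final release with the same `x.y.z`) and the sample version strings are assumptions constructed for the example.

```python
"""Check a Tomcat version string against the CVE-2021-42340 ranges.

Added example (not from the advisory or the mailing-list post). The ranges
below are those quoted in the advisory; everything else is an assumption.
"""
import re
from typing import Optional, Tuple

# (first affected, last affected, first fixed), copied from the advisory.
CVE_2021_42340_RANGES = [
    ("10.1.0-M1", "10.1.0-M5", "10.1.0-M6"),
    ("10.0.0-M10", "10.0.11", "10.0.12"),
    ("9.0.40", "9.0.53", "9.0.54"),
    ("8.5.60", "8.5.71", "8.5.72"),
]

# Assumed shape of a Tomcat version: x.y.z with an optional -M<n> milestone tag.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-M(\d+))?$")


def parse_version(text: str) -> Tuple[int, int, int, int, int]:
    """Turn '10.0.0-M10' into a sortable tuple.

    A milestone maps to (x, y, z, 0, n) and a final release to (x, y, z, 1, 0),
    so every milestone of 10.1.0 sorts below the final 10.1.0 release.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {text!r}")
    major, minor, patch, milestone = m.groups()
    if milestone is None:
        return (int(major), int(minor), int(patch), 1, 0)
    return (int(major), int(minor), int(patch), 0, int(milestone))


def fixed_release_for(version: str) -> Optional[str]:
    """Return the first fixed release if `version` is affected, else None."""
    v = parse_version(version)
    for first, last, fixed in CVE_2021_42340_RANGES:
        if parse_version(first) <= v <= parse_version(last):
            return fixed
    return None


def is_affected(version: str) -> bool:
    """True when the version falls inside one of the advisory's ranges."""
    return fixed_release_for(version) is not None


if __name__ == "__main__":
    # Constructed sample inputs; in practice take the version from the
    # running server (for example the "Apache Tomcat/x.y.z" banner).
    for sample in ["9.0.53", "9.0.54", "10.0.0-M10", "10.0.0-M9",
                   "10.1.0-M5", "8.5.59", "8.5.71", "10.0.12"]:
        fix = fixed_release_for(sample)
        status = f"AFFECTED, upgrade to {fix}" if fix else "not in an affected range"
        print(f"{sample:12} {status}")
```

The milestone handling matters for the 10.x lines: `10.0.0-M10` is inside the affected range even though a plain numeric comparison against `10.0.11` would also accept `10.0.0-M9`, which the advisory does not list. The check is only as good as the version string you feed it, so read it from the server that is actually serving the THREDDS webapp rather than from a package manifest.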