https://community.hpe.com/t5/hpe-morpheus-enterprise/apache-tomcat-vulnerabilities-in-morpheus-appliance-v8-0-1/m-p/7247381#M555 <P>Happy New Year Morpheus Team!<BR /> The latest Morpheus appliance version 8.0.1 comes with Apache Tomcat v9.0.97 that is vulnerable to CVE-2024-56337, CVE-2024-50379, CVE-2024-54677.<BR /> Do you guys already have plans to include the security fix for this(Apache Tomcat v9.0.98 or later) in the upcoming LTS bug fix release in Jan 2025? If not when can we expect the fix?</P> <P>Thanks.</P> Fri, 10 Jan 2025 05:40:04 GMT 2025-01-10T05:40:04Z https://community.hpe.com/t5/hpe-morpheus-enterprise/apache-tomcat-vulnerabilities-in-morpheus-appliance-v8-0-1/m-p/7247381#M555 <P>Happy New Year Morpheus Team!<BR /> The latest Morpheus appliance version 8.0.1 comes with Apache Tomcat v9.0.97 that is vulnerable to CVE-2024-56337, CVE-2024-50379, CVE-2024-54677.<BR /> Do you guys already have plans to include the security fix for this(Apache Tomcat v9.0.98 or later) in the upcoming LTS bug fix release in Jan 2025? If not when can we expect the fix?</P> <P>Thanks.</P> Fri, 10 Jan 2025 05:40:04 GMT https://community.hpe.com/t5/hpe-morpheus-enterprise/apache-tomcat-vulnerabilities-in-morpheus-appliance-v8-0-1/m-p/7247381#M555 2025-01-10T05:40:04Z https://community.hpe.com/t5/hpe-morpheus-enterprise/apache-tomcat-vulnerabilities-in-morpheus-appliance-v8-0-1/m-p/7247382#M556 <P>Believe this is patched in v8.0.2 which is about to release!</P> Fri, 10 Jan 2025 12:18:25 GMT https://community.hpe.com/t5/hpe-morpheus-enterprise/apache-tomcat-vulnerabilities-in-morpheus-appliance-v8-0-1/m-p/7247382#M556 cbunge 2025-01-10T12:18:25Z