Skip to content

[GHSA-x4m4-345f-5h5g] Apache Tomcat vulnerable to Insertion of Sensitive Information into Log File#7652

Open
aruneko wants to merge 1 commit into
aruneko/advisory-improvement-7652from
aruneko-GHSA-x4m4-345f-5h5g
Open

[GHSA-x4m4-345f-5h5g] Apache Tomcat vulnerable to Insertion of Sensitive Information into Log File#7652
aruneko wants to merge 1 commit into
aruneko/advisory-improvement-7652from
aruneko-GHSA-x4m4-345f-5h5g

Conversation

@aruneko

@aruneko aruneko commented May 12, 2026

Copy link
Copy Markdown
Contributor

Updates

  • Affected products

Comments
improve affected packages

Copilot AI review requested due to automatic review settings May 12, 2026 01:12
@github-actions github-actions Bot changed the base branch from main to aruneko/advisory-improvement-7652 May 12, 2026 01:14
Copilot AI reviewed May 12, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the GitHub-reviewed OSV advisory for GHSA-x4m4-345f-5h5g / CVE-2026-34487 (Apache Tomcat sensitive info logged via clustering “cloud membership”) to better reflect the actually affected Maven artifacts.

Changes:

  • Switch affected Maven artifact entries from org.apache.tomcat:tomcat-catalina to org.apache.tomcat:tomcat-tribes.
  • Remove affected entries for org.apache.tomcat.embed:tomcat-embed-core for this advisory.
  • Minor bump to the advisory modified timestamp.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@github-actions

github-actions Bot commented Jun 9, 2026

Copy link
Copy Markdown

👋 This pull request has been marked as stale because it has been open with no activity. You can: comment on the issue or remove the stale label to hold stale off for a while, add the Keep label to hold stale off permanently, or do nothing. If you do nothing this pull request will be closed eventually by the stale bot. Please see CONTRIBUTING.md for more policy details.

@github-actions github-actions Bot added the Stale label Jun 9, 2026
@aruneko

aruneko commented Jun 10, 2026

Copy link
Copy Markdown
Contributor Author

How is the status of a review for this pull request?

@github-actions github-actions Bot removed the Stale label Jun 10, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@aruneko