Community
Participate
Working Groups
tomcat-embed JAR’s were found under configuration/org.eclipse.osgi/1218/0/.cp/lib/tomcat-embed-core-8.0.33.jar and the plugin using this JAR is org.eclipse.cft.server.core. On the other hand A question asked to Tomcat support (tomcat-users) was "Being tomcat-embed derived from Tomcat server, could tomcat-embed has the vulnerabilities that Tomcat server has?" The response was Yes I'd like to know if my Eclipse instance, using CFT, would be affected by the vulnerabilities recorded by tomcat.apache.org https://tomcat.apache.org/security-9.html Thank you