Is Tomcat7 supports HTTP2

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Is Tomcat7 supports HTTP2

Tosh, Bibhuti Bhusan (Bibhuti)
HI All,
I am an user of tomcat7 version. I wanted to know this version tomcat 7.0.105 supports HTTP2 and CVE-2020-11996 is still applicable to tis version. I did not any reference of tomcat7 supporting HTTP2 and so asking this questions to community. Thanks in advance.

Regards,
--Bibhuti

Reply | Threaded
Open this post in threaded view
|

Re: Is Tomcat7 supports HTTP2

Martin Grigorov
Hi,

On Thu, Oct 8, 2020 at 9:32 AM Tosh, Bibhuti Bhusan (Bibhuti) <
[hidden email]> wrote:

> HI All,
> I am an user of tomcat7 version. I wanted to know this version tomcat
> 7.0.105 supports HTTP2 and CVE-2020-11996 is still applicable to tis
> version. I did not any reference of tomcat7 supporting HTTP2 and so asking
> this questions to community. Thanks in advance.
>

No, HTTP/2 is available in 8.5.+


>
> Regards,
> --Bibhuti
>
>
Reply | Threaded
Open this post in threaded view
|

Re: Is Tomcat7 supports HTTP2

Christopher Schultz-2
Martin,

On 10/8/20 02:35, Martin Grigorov wrote:

> Hi,
>
> On Thu, Oct 8, 2020 at 9:32 AM Tosh, Bibhuti Bhusan (Bibhuti) <
> [hidden email]> wrote:
>
>> HI All,
>> I am an user of tomcat7 version. I wanted to know this version tomcat
>> 7.0.105 supports HTTP2 and CVE-2020-11996 is still applicable to tis
>> version. I did not any reference of tomcat7 supporting HTTP2 and so asking
>> this questions to community. Thanks in advance.
>>
>
> No, HTTP/2 is available in 8.5.+

Notably, CVE-2020-11996 does not claim that Tomcat 7 is affected. CVEs
don't usually mention products that have already been EOL'd which is why
Tomcat 8.0 (for example) isn't mentioned. But Tomcat 7 is still
supported and isn't mentioned in the tracker, therefore it is not
vulnerable.

-chris

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]