Latest news (16:15)
XC does not utilize the vulnerable part of Tomcat.
If you still want a patch or upgrade to be sure, please contact Customer Services. See the update from 16:15.
January 30, 2025
We received a notification about a security incident. The approach was as follows:
14:00
Contacted the functional administrator, who confirmed that the issue concerns the vulnerability in Tomcat: CVE-2024-50379.
14:10
Initial analysis by the architect, with a preliminary conclusion that the CMS is not vulnerable.
14:20
Further investigation with the hosting provider. The system administrator confirmed the preliminary conclusion that the CMS is indeed not vulnerable. The affected component of Tomcat does not appear to be in use.
14:30
Follow-up investigation with the CMS Product team’s architect. The CMS Product team conducted an independent review of the reported vulnerability. They also concluded that the CMS is not affected, as the specific Tomcat component is not used by the CMS.
15:10
Final conclusion, including justification, was communicated in a Teams call with the functional administrator, hosting provider, and information security consultant. The explanation was validated, and the incident priority was downgraded. Tomcat will be upgraded during regular maintenance.
16:04
Incident resolved.
16:15
The CMS is not affected by CVE-2024-50379. However, we always recommend using the latest software versions, including the most recent Tomcat version. If you have any concerns, feel free to contact Customer Services. They can work with you to determine additional steps to address your concerns.