Foreman and CVE-2021-44228

Foreman and the common projects it interacts with are not impacted by CVE-2021-44228. For those who are more curious, here are the details!

This is a companion discussion topic for the original entry at

For the record since I was quite confused and @evgeni had to navigate me through this:

The latest version of Tomcat in RHEL8 / CentOS8 / Stream is:


Beware that tomcat is actually named pki-servlet-engine. Spent some time digging tomcat in extra repos and appstreams…

1 Like