Pki-servlet-engine marked as 'Will not fix' for newer CVEs

Hi ,
we are at katello 4.10 and foreman 3.8 on Oracle Linux 8 server for katello , and pki-servlet-engine-9.0.50-1 is the latest update , there are a few CVE security tickets about this version of pki-servlet-engine, some of these showed “will not fix” on Red Hat site .
According to Why is pki-servlet-engine marked as 'Will not fix' for newer CVEs? - Red Hat Customer Portal, Red Hat will not provide fix to pki-sevlet-engine package anymore but instead will do it for the tomcat package . Is there a plan to move away from pki-servlet-engine package and use tomcat instead for katello ?

Thanks.

1 Like