Zum Hauptinhalt springen

25 Posts getaggt mit "Security"

Alle Tags anzeigen

Patch 2026.1.1 / CVEs

CVE Jackson-Databind

Two vulnerabilities CVE-2026-54512 and CVE-2026-54513 have been disclosed affecting jackson-databind, which is used by the INFOMOTION Data Management Center (DMC). The DMC package ships with Jackson components that are used across all deployment options.

We are therefore releasing an updated version 2026.1.1 of Data Management Center that includes a patched version of jackson-databind.

(since 2026.1.0)

Container Image: infomotiondmc.azurecr.io/dmc@sha256:d186e02db3a748e0bab4521b3df1a93879275b3742756b61883a5d412ffd48d3

WAR File : https://dmcwiki.blob.core.windows.net/dmc-releases/2026.1.1/dmc.war (sha256: cfa1e5079af802ff2fc4d679b2e168bcd3a0483d960e8fee45bc4eddd1451475)

Patch 2025.2.10 / CVEs

CVE Jackson-Databind

Two vulnerabilities CVE-2026-54512 and CVE-2026-54513 have been disclosed affecting jackson-databind, which is used by the INFOMOTION Data Management Center (DMC). The DMC package ships with Jackson components that are used across all deployment options.

We are therefore releasing an updated version 2025.2.10 of Data Management Center that includes a patched version of jackson-databind.

(since 2025.2.9)

Container Image: infomotiondmc.azurecr.io/dmc@sha256:ff015d956aac9964fea382af1ccf88a2a4037b8c564e6fa2aa6f4cd135ccfcd4

WAR File : https://dmcwiki.blob.core.windows.net/dmc-releases/2025.2.10/dmc.war (sha256: 0161c75aaa3c2de7ceeda13d836a280bbf6221c4a321b28b9423795585d803e1)

Patch 2025.2.9

CVE Apache Shiro

A vulnerability CVE-2026-49268 has been disclosed affecting Apache Shiro, which is used by the INFOMOTION Data Management Center (DMC).

We are therefore releasing an updated version 2025.2.9 of Data Management Center that includes Apache Shiro 2.2.1, which resolves this issue.

Bugfixes

  • fix: Adding checkbox columns after table creation threw exception on Postgres & Oracle

(since 2025.2.8)

Container Image: infomotiondmc.azurecr.io/dmc@sha256:d74bb3efcf4af4151311131fcf52c869679c6b7551ec45000c035c5e91d55e42

WAR File : https://dmcwiki.blob.core.windows.net/dmc-releases/2025.2.9/dmc.war (sha256: 380613b56eb5d403121f335f8e2e69dec8afbfab066b9339e0366c92051fbbf6)

Patch 2025.2.8 / CVEs

CVE Spring Framework

Three vulnerabilities CVE-2026-41851, CVE-2026-41842, and CVE-2026-41850 have been disclosed, affecting the Spring Framework. The INFOMOTION Data Management Center (DMC) includes the Spring Framework as part of its package.

Based on our analysis, we do not believe Data Management Center to be impacted by these vulnerabilities. Two of them (CVE-2026-41851 and CVE-2026-41850) affect applications that evaluate user-supplied Spring Expression Language (SpEL) expressions, which DMC does not support. The third (CVE-2026-41842) affects applications making use of Spring's versioned static resource handling, which DMC does not employ.

Nonetheless, we are now releasing an updated version 2025.2.8 of Data Management Center that includes a patched version of the Spring Framework.

Features

  • Snowflake merge inline threshold and insert chunk size are now configurable via environment variables (DMC_SNOWFLAKE_MERGE_INLINE_THRESHOLD, DMC_SNOWFLAKE_INSERT_CHUNK_SIZE)

Bugfixes

  • Snowflake sync no longer fails on very large tables
  • Table filters now work correctly for date, boolean column types on Postgres
  • Eliminated race condition when inserting categories that could cause data corruption under concurrent load
  • Table title and category name now update correctly in the navbar after a rename
  • Sidebar now refreshes correctly when category information changes
  • Category insert and update requests are now serialized to preserve input order and prevent duplicate sort_order values under concurrent inserts

Performance

  • Snowflake sync is now properly batched significantly reducing load for large sync operations
  • Bulk merge import is significantly faster on large tables
  • CSV/Excel import performance is substantially improved for large tables when data permissions are active
  • Fixed stale data permission checks, when table-level permissions were disabled

(since 2025.2.7)

Container Image: infomotiondmc.azurecr.io/dmc@sha256:645fbadbea16fd6e80de70e1b531b0783dcaa931cd77ac946c23712fbf831d18

WAR File : https://dmcwiki.blob.core.windows.net/dmc-releases/2025.2.8/dmc.war (sha256: a729519aa7f116ef22d5ee0150b8ce9fe77964f74756a65ab59e516ddf79ed51)

Patch 2025.2.7

Two vulnerabilities CVE-2026-42498 and CVE-2025-41284 have been disclosed, affecting the Tomcat Web Application Server.

A version of Tomcat is included in the INFOMOTION Data Management Center package and used for the containerized and standalone deployment options. We are now releasing an updated version 2025.2.7 of Data Management Center that includes a patched version of Apache Tomcat.

Please note that this patch only secures containerized or standalone DMC deployments. When deployed within a custom Tomcat installation, that installation should be patched as well.

Bugfixes

  • Fixed duplicate column name error caused by stale state in the create-table form

  • Fixed JSON parse exception in Snowflake environments when updating data permissions

(since 2025.2.6)

Container Image: infomotiondmc.azurecr.io/dmc@sha256:2c1426feea2bd6c14ecfa20d364256b6052b76c67f51132a92af7a83e8c8d7c6

WAR File : https://dmcwiki.blob.core.windows.net/dmc-releases/2025.2.7/dmc.war (sha256: c56a4e10ddb2ca36eb797f06bc5c126da79aa0584e95f85199ae27b60bc9635a)

Patch 2025.2.5 / CVEs

Several vulnerabilities have been disclosed affecting the open-source Log4j library:

A version of Log4J is included in the INFOMOTION Data Management Center package and used across all deployment options. However, according to information available so far, only very specific Log4j components (XmlLayout, JsonTemplateLayout, Rfc5424Layout) of Log4j are affected, neither of which are used in the default configuration of INFOMOTION Data Management Center.

Nonetheless, we are now releasing an updated version 2025.2.5 of Data Management Center that includes a patched version of the Log4J dependency.

Bugfixes

  • Fix: Wildcard '*' for numeric data permissions

  • fix: Duplicate name validation for tables and columns

(since 2025.2.4)

Container Image: infomotiondmc.azurecr.io/dmc@sha256:679425375d3590a2e14e8f14e24930056768471d35d3ee710f7a890baeb35e37 WAR File : https://dmcwiki.blob.core.windows.net/dmc-releases/2025.2.5/dmc.war (sha256: 9d4b88b27be5780cd3c1b8f8d5b5a8d545286b5f3674b323ef878e9f13c3f180)

Patch 2025.2.4 / CVEs

CVEs Tomcat

Several vulnerabilities CVE-2026-34487, CVE-2026-24880, CVE-2026-29146, CVE-2026-34483, CVE-2026-29145 and CVE-2026-29129 have been disclosed, affecting the Tomcat Web Application Server.

A version of Tomcat is included in the INFOMOTION Data Management Center package and used for the containerized and standalone deployment options. We are now releasing an updated version 2025.2.4 of Data Management Center that includes a patched version of Apache Tomcat.

Please note that this patch only secures containerized or standalone DMC deployments. When deployed within a custom Tomcat installation, that installation should be patched as well.

CVE Spring Framework

Additionally, one vulnerability in the Spring Framework CVE-2026-22731 has been disclosed. The INFOMOTION Data Management Center (DMC) includes the Spring Framework as part of its package.

Based on our analysis and existing automated tests of authorization procedures, we do not believe Data Management Center to be impacted by the vulnerability.

Nonetheless, we are now releasing an updated version 2025.2.4 of Data Management Center that includes a patched version of the Spring Framework.

Bugfixes

  • Fix: Numeric fields with decimals now allow correct digit entry
  • Fix: Disabled form fields now persist correctly after rebuilds
  • Fix: UI now refreshes after category sort order changes
  • Fix: UI now refreshes after table sort order changes
  • Fix: domain-edit dialog showed incorrect validation icon state
  • Fix: domain-edit dialog now revalidates SQL on domain value changes
  • Fix: command-edit dialog now allows re-copying previously copied entries
  • Fix: Mail task email validator now requires a full domain with TLD
  • Fix: Mail task email input validation state now updates correctly

Improvements

  • Improvement: Added visual separators for category changes in the table-admin-view
  • Improvement: Improved visibility of visual separators in the task-edit-view

(since 2025.2.3)

Container Image: infomotiondmc.azurecr.io/dmc@sha256:e9c475c3285d459a171db180d024c7d162781beb56085f5afeea4c2134094688

WAR File : https://dmcwiki.blob.core.windows.net/dmc-releases/2025.2.4/dmc.war (sha256: a21945ca8c6510bff72380d74eb89d5b6d31fbebb43c0f75b56c33210feb005c)

Patch 2024.2.15

Two vulnerabilities CVE-2026-24734 and CVE-2025-66614 have been disclosed, affecting the Tomcat Web Application Server.

A version of Tomcat is included in the INFOMOTION Data Management Center package and used for the containerized and standalone deployment options. We are now releasing an updated version 2024.2.15 of Data Management Center that includes a patched version of Apache Tomcat.

Please note that this patch only secures containerized or standalone DMC deployments. When deployed within a custom Tomcat installation, that installation should be patched as well.

(since 2024.2.14)

Docker-Image: infomotiondmc.azurecr.io/dmc:2024.2.15

Patch 2025.2.3 / CVE-2026-24734 & CVE-2025-66614

Two vulnerabilities CVE-2026-24734 and CVE-2025-66614 have been disclosed, affecting the Tomcat Web Application Server.

A version of Tomcat is included in the INFOMOTION Data Management Center package and used for the containerized and standalone deployment options. We are now releasing an updated version 2025.2.3 of Data Management Center that includes a patched version of Apache Tomcat.

Please note that this patch only secures containerized or standalone DMC deployments. When deployed within a custom Tomcat installation, that installation should be patched as well.

Bugfixes

  • Fix: Suggested admin mapping (import-dialog) is now correctly displayed on Date, Filename, DateTime, Rownumber columns
  • Fix: Missing English translations for Qs-Mail-Task-Form

(since 2025.2.2)

Container Image: infomotiondmc.azurecr.io/dmc@sha256:e70a0ebe090ebaec02160451d975bde46c99c743406366494eedfd115e6c318c WAR File : https://dmcwiki.blob.core.windows.net/dmc-releases/2025.2.3/dmc.war (sha256: bfd86054cd14e7c2674de88d4231ee31cf97931c5648a08b421d88ac0e41a04e)

Patch 2024.2.13 / CVEs CVE-2025-55752 & CVE-2025-55754

Two vulnerabilities CVE-2025-55752 and CVE-2025-55754 have been disclosed, affecting the Tomcat Web Application Server.

A version of Tomcat is included in the INFOMOTION Data Management Center package and used for the containerized and standalone deployment options. We are now releasing an updated version 2024.2.13 of Data Management Center that includes a patched version of Apache Tomcat.

Please note that this patch only secures containerized or standalone DMC deployments. When deployed within a custom Tomcat installation, that installation should be patched as well.

(since 2024.2.12)

Docker-Image: infomotiondmc.azurecr.io/dmc:2024.2.13

Patch 2025.1.5 / CVEs CVE-2025-55752 & CVE-2025-55754

Two vulnerabilities CVE-2025-55752 and CVE-2025-55754 have been disclosed, affecting the Tomcat Web Application Server.

A version of Tomcat is included in the INFOMOTION Data Management Center package and used for the containerized and standalone deployment options. We are now releasing an updated version 2024.2.13 of Data Management Center that includes a patched version of Apache Tomcat.

Please note that this patch only secures containerized or standalone DMC deployments. When deployed within a custom Tomcat installation, that installation should be patched as well.
(since 2025.1.4)

Container Image: infomotiondmc.azurecr.io/dmc@sha256:6297c90cb72a67bcb6b1c8b8537b9f5bc82ff326292b73363d5ced718dd1b800

WAR File : https://dmcwiki.blob.core.windows.net/dmc-releases/2025.1.5/dmc.war (sha256: 49402986017c752e665d4d674427bc8279a76c86d60521d311d9fb12c19d568a)

Patch 2024.2.12 / CVE-2025-59250

A version of the Microsoft JDBC Driver for SQL Server is included in the INFOMOTION Data Management Center package and used across all deployment options. We are now releasing an updated version 2024.2.12 of Data Management Center that includes a patched version of the Microsoft JDBC Driver for SQL Server to address CVE-2025-59250.

Bugfixes

  • Fix: Table-UI (List of tables) did not update when a table was deleted

(since 2024.2.11)

Docker-Image: infomotiondmc.azurecr.io/dmc:2024.2.12

Patch 2025.1.4 / CVE-2025-59250

A version of the Microsoft JDBC Driver for SQL Server is included in the INFOMOTION Data Management Center package and used across all deployment options. We are now releasing an updated version 2025.1.4 of Data Management Center that includes a patched version of the Microsoft JDBC Driver for SQL Server to address CVE-2025-59250.

Bugfixes

  • fix(import): Ensure upsert behavior when using custom primary key instead of insert-only
  • fix: Table inMemory could not be updated due to JSON parsing discrepancy
  • fix: Data page does not update on page change
  • fix: Applying TableFilters caused IndexOutOfBounds-Error
  • Fix: Table-UI (List of tables) did not update when a table was deleted

(since 2025.1.3)

Container Image: infomotiondmc.azurecr.io/dmc@sha256:5dcdb35ce61e2b08836b3125e54869d624f75f14f10d2e50feff9c6b47711a0e WAR File : https://dmcwiki.blob.core.windows.net/dmc-releases/2025.1.4/dmc.war (sha256: c44bad4cf8d894f25a01daf47c36f7bbd7f891107a691496885bf2b5a09a327b)

Patch 2024.2.11 / CVE-2025-41249

CVE-2025-41242

A vulnerability in the Spring Framework CVE-2025-41249 has been reported. The INFOMOTION Data Management Center (DMC) includes the Spring Framework as part of its package.

Based on our analysis and existing automated tests of authorization procedures, we do not believe Data Management Center to be impacted by the vulnerability.

Nonetheless, we are now releasing an updated version 2024.2.11 of Data Management Center that includes a patched version of the Spring Framework.

Dependency Upgrades

  • Upgrade Spring Boot from 6.2.10 to 6.2.11.

Features

  • Added ENV Parameter DMC_TRIM_ALL_NON_PKS to trim all non-primary-key fields.

Bugfixes

  • Ensured proper rollback of caches when DeploymentSet import fails due to exceptions.
  • Fixed incorrect validation in Trigger Form.
  • Fixed incorrect validation in Task Form.
  • Fixed translation error in Table-View.
  • Resolved error in Admin-Task-View caused by invalid commands missing a tableId. Added a tooltip to indicate when a command is invalid and will not be scheduled.
  • Improved error message for Objects not found: COMMAND #-2147483648 when deleting a command referenced by a task.
  • Editing is now possible when domain values are invalid; outdated entries (not part of the list of values) are shown with a warning.
  • Fixed issue where entries could not be deleted if a primary key field was set to null.
  • Scheduled commands that fail due to a missing command are now automatically unscheduled.

(since 2024.2.10)

Docker-Image: infomotiondmc.azurecr.io/dmc:2024.2.11

Patch 2025.1.3 / CVE-2025-41249

CVE-2025-41242

A vulnerability in the Spring Framework CVE-2025-41249 has been reported. The INFOMOTION Data Management Center (DMC) includes the Spring Framework as part of its package.

Based on our analysis and existing automated tests of authorization procedures, we do not believe Data Management Center to be impacted by the vulnerability.

Nonetheless, we are now releasing an updated version 2025.1.3 of Data Management Center that includes a patched version of the Spring Framework.

Dependency Upgrades

  • Upgrade Spring Boot from 6.2.10 to 6.2.11.

Features

  • Added ENV Parameter DMC_TRIM_ALL_NON_PKS to trim all non-primary-key fields.

Bugfixes

  • Ensured proper rollback of caches when DeploymentSet import fails due to exceptions.
  • Fixed incorrect validation in Trigger Form.
  • Fixed incorrect validation in Task Form.
  • Fixed translation error in Table-View.
  • Resolved error in Admin-Task-View caused by invalid commands missing a tableId. Added a tooltip to indicate when a command is invalid and will not be scheduled.
  • Improved error message for Objects not found: COMMAND #-2147483648 when deleting a command referenced by a task.
  • Editing is now possible when domain values are invalid; outdated entries (not part of the list of values) are shown with a warning.
  • Fixed issue where entries could not be deleted if a primary key field was set to null.
  • Scheduled commands that fail due to a missing command are now automatically unscheduled.

(since 2025.1.2)

Container Image: infomotiondmc.azurecr.io/dmc@sha256:bd1d896e0ff996c19ebcb9bb197db5905b213eb4636721921e15fc4ca7b6d202 WAR File : https://dmcwiki.blob.core.windows.net/dmc-releases/2025.1.3/dmc.war (sha256: 2246bdebba17989ad468f89433f4bb5fe21e09a8973273f923ac00e8623c2d4c)

Patch 2024.2.10 / CVEs CVE-2025-48989 & CVE-2025-41242

CVE-2025-48989

A vulnerability CVE-2025-48989 has been disclosed, affecting the Tomcat Web Application Server.

A version of Tomcat is included in the INFOMOTION Data Management Center package and used for the containerized and standalone deployment options. We are now releasing an updated version 2024.2.10 of Data Management Center that includes a patched version of Apache Tomcat.

Please note that this patch only secures containerized or standalone DMC deployments. When deployed within a custom Tomcat installation, that installation should be patched as well.

CVE-2025-41242

A vulnerability CVE-2025-41242 has been disclosed, affecting certain Spring Framework MVC applications in non-compliant servlet environments.

The INFOMOTION Data Management Center (DMC) includes the Spring Framework as part of its package.
We are now releasing an updated version 2024.2.10 of Data Management Center that includes a patched version of Spring Framework.

Please note:

  • Deployments of DMC using the embedded Tomcat servlet container are not affected by this vulnerability, since Tomcat properly rejects malicious path sequences.
  • Nevertheless, we include the patched Spring Framework in this release to ensure ongoing security and compatibility.
  • If DMC is deployed within a custom servlet container, that environment should be checked and updated accordingly.

Dependency Upgrades

  • Upgrade Tomcat from 10.1.43 to 10.1.44 to avoid potential issues with CVE-2025-48989.
  • Upgrade Spring Boot from 6.2.8 to 6.2.10 to avoid potential issues with CVE-2025-41242

Bugfixes

  • Fixed an issue where List-of-Values without a filterColumn failed with cryptic errors.
  • Fixed an issue where the checkmark on the update view is shows the incorrect state.
  • Fixed an issue where QS rules were not revalidated when the table changes, which resulted in invalid SQLs.
  • Fixed an issue where commands configured with QA CHECK BEFORE EXECUTION and Abort on error failed with a INTERNAL_SERVER_ERROR if no QA rules were defined.
  • Fixed a header configuration error within table/{tableId}/data/delete.
  • Prevented use of SQL keywords in columnName or title during Create-Table-Process.
  • Fixed cryptic errors in the TablePerm workflow.
  • Fixed a deserialization error for table permissions during the create process.
  • Fixed an issue where the view did not update after importing a Deployment Set.
  • Fixed an issue where attempting to rename a column during deployment-import lead to cryptic error message

Improvements

  • Enhanced Field descriptions within Input-Data fields.

(since 2024.2.9)

Docker-Image: infomotiondmc.azurecr.io/dmc:2024.2.10

Patch 2025.1.2 / CVEs CVE-2025-48989 & CVE-2025-41242

CVE-2025-48989

A vulnerability CVE-2025-48989 has been disclosed, affecting the Tomcat Web Application Server.

A version of Tomcat is included in the INFOMOTION Data Management Center package and used for the containerized and standalone deployment options. We are now releasing an updated version 2025.1.2 of Data Management Center that includes a patched version of Apache Tomcat.

Please note that this patch only secures containerized or standalone DMC deployments. When deployed within a custom Tomcat installation, that installation should be patched as well.

CVE-2025-41242

A vulnerability CVE-2025-41242 has been disclosed, affecting certain Spring Framework MVC applications in non-compliant servlet environments.

The INFOMOTION Data Management Center (DMC) includes the Spring Framework as part of its package.
We are now releasing an updated version 2025.1.2 of Data Management Center that includes a patched version of Spring Framework.

Please note:

  • Deployments of DMC using the embedded Tomcat servlet container are not affected by this vulnerability, since Tomcat properly rejects malicious path sequences.
  • Nevertheless, we include the patched Spring Framework in this release to ensure ongoing security and compatibility.
  • If DMC is deployed within a custom servlet container, that environment should be checked and updated accordingly.

Dependency Upgrades

  • Upgrade Tomcat from 10.1.43 to 10.1.44 to avoid potential issues with CVE-2025-48989.
  • Upgrade Spring Boot from 6.2.8 to 6.2.10 to avoid potential issues with CVE-2025-41242

Bugfixes

  • Fixed an issue where List-of-Values without a filterColumn failed with cryptic errors.
  • Fixed an issue where the checkmark on the update view is shows the incorrect state.
  • Fixed an issue where QS rules were not revalidated when the table changes, which resulted in invalid SQLs.
  • Fixed an issue where commands configured with QA CHECK BEFORE EXECUTION and Abort on error failed with a INTERNAL_SERVER_ERROR if no QA rules were defined.
  • Fixed a header configuration error within table/{tableId}/data/delete.
  • Prevented use of SQL keywords in columnName or title during Create-Table-Process.
  • Fixed cryptic errors in the TablePerm workflow.
  • Fixed a deserialization error for table permissions during the create process.
  • Fixed an issue where the view did not update after importing a Deployment Set.
  • Fixed an issue where attempting to rename a column during deployment-import lead to cryptic error message

Improvements

  • Enhanced Field descriptions within Input-Data fields.

(since 2025.1.1)

Container Image: infomotiondmc.azurecr.io/dmc@sha256:2393a32c3c7bfa9c93813a3bd932f5eb0315fd283cba46481496c0a2d30b5c61 WAR File : https://dmcwiki.blob.core.windows.net/dmc-releases/2025.1.2/dmc.war (sha256: 9738ab489ed60937bff5216b0311f3aee3d0296b642ecb260f58b00eb23f87f3)

Patch 2024.2.9 / CVEs CVE-2025-53506 & CVE-2025-52550

Two separate vulnerabilities CVE-2025-53506 and CVE-2025-52520 have been disclosed, affecting the Tomcat Web Application Server.

A version of Tomcat is included in the INFOMOTION Data Management Center package and used for the containerized and standalone deployment options. We are now releasing an updated version 2024.2.9 of Data Management Center that includes a patched version of Apache Tomcat.

Please note that this patch only secures containerized or standalone DMC deployments. When deployed within a custom Tomcat installation, that installation should be patched as well.

Dependecy Upgrades

(since 2024.2.8)

Docker-Image: infomotiondmc.azurecr.io/dmc:2024.2.9

Patch 2025.1.1 / CVEs CVE-2025-53506 & CVE-2025-52550

Two separate vulnerabilities CVE-2025-53506 and CVE-2025-52520 have been disclosed, affecting the Tomcat Web Application Server.

A version of Tomcat is included in the INFOMOTION Data Management Center package and used for the containerized and standalone deployment options. We are now releasing an updated version 2025.1.1 of Data Management Center that includes a patched version of Apache Tomcat.

Please note that this patch only secures containerized or standalone DMC deployments. When deployed within a custom Tomcat installation, that installation should be patched as well.

Dependecy Upgrades

(since 2025.1.0)

Container Image: infomotiondmc.azurecr.io/dmc@sha256:582f38135d34b032f7d928791c4db8b6532e3fbe8190a1c2e8b8bb85fd7b8756 WAR File : https://dmcwiki.blob.core.windows.net/dmc-releases/2025.1.1/dmc.war (sha256: 4925e519a125eb9b615ee12d75f8ebf1008c46109504738758204946b08c5d31)

CVE-2025-24813: DMC probably not affected & patches

A vulnerability CVE-2025-24813 has been disclosed, affecting the Tomcat Web Application Server.

A version of Tomcat it is included in the INFOMOTION Data Management Center package and used for the containerized and standalone deployment options.

While the vulnerability is flagged as potentially having a critical impact, the published information lists very specific preconditions. Based on our understanding, the information disclosure and remote code execution scenarios depend (among others) on the following preconditions being met:

  • The Tomcat default servlet must be enabled
  • Additionally, it must be configured enable writes

Both of these are not given in the INFOMOTION Data Management Center:

  • The Tomcat Default Servlet is not enabled within DMC.
  • Also, the servlet is read-only by default unless explicitly configured otherwise, which DMC does not do.

Nonetheless, we will be releasing an updated version 2024.2.4 of Data Management Center shortly that includes a patched version of Apache Tomcat.

Please note that this patch only secures containerized or standalone DMC deployments. When deployed within a custom Tomcat installation, that installation should be patched as well.