cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Change Title

Update on Apache Tomcat and Apache HTTP Server Minor Versions

Change Type

Class 2

Change Summary

  1. Apache Tomcat (Product ID: 48)

    Minor versions of major versions 7.0.x, 8.5.x, 9.0.x,10.0.x will be kept in Technopedia and, since these versions are still currently supported or just recently reached EOL, we'll also map Normalize data to them.

    Minor versions for other major versions (e.g., 5.0.x, 6.0.x, 8.0.x) will also be kept in Technopedia; however, they are not going to be used in Normalize mapping since they have already been EOL for a long time (more than three years).

  2. Apache HTTP Server (Product ID: 80850)

    Minor versions of major version 2.4.x will be kept and, since these versions are still currently supported, Normalize mappings will also be done to them.

    Minor versions from other major versions will also be kept in Technopedia; however, they are not going to be used in Normalize mapping since they have already been EOL for a long time (more than three years).

These minor versions were previously flagged as 'To be deleted'. These flags will be removed (i.e., these minor versions will not be deleted).

Going forward, any newly released minor versions for these products will continue to be captured in Technopedia as well as being used in Normalize mappings.

Note that for security/vulnerability use-cases, we continue to map every detail/granular version of CPE to the discovered or evidence version, regardless of whether Normalize mapped them to major or minor versions.

Impact

This change will impact customers who rely on the version information of Apache Tomcat and Apache HTTP Server in Technopedia. The change needs the customer to manage downstream processes and reporting in their organization. 

Change example:

Raw evidence/discovered data:
Apache Tomcat 7.0.12
Apache Tomcat 8.5.12
Apache HTTP Server 2.4.10

Previous Mapping

After the Change

Apache | HTTP Server | 2.4

Apache | HTTP Server | 2.4.10

Apache | Tomcat | 7.0

Apache | Tomcat | 7.0.12

Apache | Tomcat | 8.5

Apache | Tomcat | 8.5.12


For the full list of releases that will get impacted by these changes, please refer to the attachment below.

When

Customers should expect these changes to be completed within 4 weeks from the publication date of this notification.