{
  "repository": "https://github.com/apache/tomcat",
  "commit_source": "release_tag_resolution",
  "commit_sha": "59f3f1ab4f905f94c9c99cad579d6afb3a935b66",
  "submitted_target": {
    "target_kind": "release",
    "version": "10.1.55",
    "commit_sha": "c70966726754f8b3ab63b5ac846a7e7cf6eb255a",
    "ref": "10.1.55",
    "display": "Apache Tomcat 10.1.55 (vulnerable)"
  },
  "variant_target": {
    "target_kind": "release",
    "version": "10.1.56",
    "commit_sha": "59f3f1ab4f905f94c9c99cad579d6afb3a935b66",
    "ref": "10.1.56",
    "display": "Apache Tomcat 10.1.56 (fixed)"
  },
  "notes": "Resolved via git rev-parse of the 10.1.55 and 10.1.56 tags in the mirrored Tomcat repository. The actual runtime test used the binary distributions from https://archive.apache.org/dist/tomcat/tomcat-10/; the compiled numguess.jsp confirmed the source-level fix (property=\"guess\")."
}
