ID | 29668 |
Package Name | tomcat |
Version | 9.0.87 |
Release | 1.el8_10.1 |
Epoch | 1 |
Draft | False |
Source | git+https://git.cclinux.org/stage/rpms/tomcat.git#db5f263e8b322a56a8fb6025c906a9de43b13b3a |
Summary |
Description |
Built by | distrobuild |
State |
complete
|
Volume |
DEFAULT |
Started | Wed, 19 Jun 2024 16:42:12 CST |
Completed | Wed, 19 Jun 2024 16:44:14 CST |
Task | build (dist-circle8_10-updates, /stage/rpms/tomcat.git:db5f263e8b322a56a8fb6025c906a9de43b13b3a) |
Extra | {'source': {'original_url': 'git+https://git.cclinux.org/stage/rpms/tomcat.git?#db5f263e8b322a56a8fb6025c906a9de43b13b3a'}} |
Tags |
|
RPMs |
src | |
|
tomcat-9.0.87-1.el8_10.1.src.rpm (info) (download) |
noarch |
|
tomcat-9.0.87-1.el8_10.1.noarch.rpm (info) (download)
|
|
tomcat-admin-webapps-9.0.87-1.el8_10.1.noarch.rpm (info) (download)
|
|
tomcat-docs-webapp-9.0.87-1.el8_10.1.noarch.rpm (info) (download)
|
|
tomcat-el-3.0-api-9.0.87-1.el8_10.1.noarch.rpm (info) (download)
|
|
tomcat-jsp-2.3-api-9.0.87-1.el8_10.1.noarch.rpm (info) (download)
|
|
tomcat-lib-9.0.87-1.el8_10.1.noarch.rpm (info) (download)
|
|
tomcat-servlet-4.0-api-9.0.87-1.el8_10.1.noarch.rpm (info) (download)
|
|
tomcat-webapps-9.0.87-1.el8_10.1.noarch.rpm (info) (download)
|
|
Logs |
|
Changelog |
* Mon Jun 03 2024 Sokratis Zappis <szappis@redhat.com> - 1:9.0.87-1.el8_10.1
- Resolves: RHEL-38548 - Amend tomcat package's changelog so that fixed CVEs are mentioned explicitly
- Resolves: RHEL-35813 - Rebase tomcat to version 9.0.87
- Resolves: RHEL-29255
tomcat: Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672)
- Resolves: RHEL-29250
tomcat: Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549)
* Fri Jan 19 2024 Hui Wang <huwang@redhat.com> - 1:9.0.62-30
- Resolves: RHEL-6971
* Thu Jan 18 2024 Hui Wang <huwang@redhat.com> - 1:9.0.62-29
- Resolves: RHEL-17602
tomcat: HTTP request smuggling via malformed trailer headers (CVE-2023-46589)
- tomcat: Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549)
* Thu Nov 23 2023 Hui Wang <huwang@redhat.com> - 1:9.0.62-28
- Resolves: RHEL-13907
tomcat: incorrectly parsed http trailer headers can cause request smuggling (CVE-2023-45648)
- Resolves: RHEL-13904
tomcat: improper cleaning of recycled objects could lead to information leak (CVE-2023-42795)
- Resolves: RHEL-12951
tomcat: FileUpload: DoS due to accumulation of temporary files on Windows (CVE-2023-42794)
- Resolves: RHEL-12544
tomcat: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
- Resolves: RHEL-2386
tomcat: Open Redirect vulnerability in FORM authentication (CVE-2023-41080)
* Fri Oct 13 2023 Hui Wang <huwang@redhat.com> - 1:9.0.62-27
- Related: RHEL-12543
tomcat: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
- Bump release number
* Thu Oct 12 2023 Hui Wang <huwang@redhat.com> - 1:9.0.62-16
- Resolves: RHEL-12543
tomcat: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
- Remove JDK subpackges which are unused
* Fri Sep 08 2023 Hui Wang <huwang@redhat.com> - 1:9.0.62-14
- Related: RHEL-2330 Bump release number
* Thu Sep 07 2023 Hui Wang <huwang@redhat.com> - 1:9.0.62-13
- Resolves: RHEL-2330 Revert the fix for pki-servlet-engine
* Fri Aug 25 2023 Coty Sutherland <csutherl@redhat.com> - 1:9.0.62-12
- Related: #2184135 Declare file conflicts
* Fri Aug 25 2023 Coty Sutherland <csutherl@redhat.com> - 1:9.0.62-11
- Resolves: #2184135 Fix bug introduced in initial commit
* Fri Aug 18 2023 Hui Wang <huwang@redhat.com> - 1:9.0.62-10
- Resolves: #2210630 CVE-2023-28709 tomcat
- Resolves: #2181448 CVE-2023-28708 tomcat: not including the secure attribute causes information disclosure
- tomcat: Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998)
tomcat: JsonErrorReportValve injection (CVE-2022-45143)
tomcat: request smuggling (CVE-2022-42252)
tomcat: local privilege escalation vulnerability (CVE-2022-23181)
* Thu Aug 17 2023 Hui Wang <huwang@redhat.com> - 1:9.0.62-9
- Resolves: #2184135 Add Obsoletes to tomcat package
* Thu Aug 17 2023 Hui Wang <huwang@redhat.com> - 1:9.0.62-8
- Resolves: #2189676 Missing Tomcat POM files in RHEL 8.9
* Tue Aug 15 2023 Hui Wang <huwang@redhat.com> - 1:9.0.62-7
- Related: #2173874 Tomcat installs older java even though newer java is installed
- Bump release number
* Fri Aug 11 2023 Hui Wang <huwang@redhat.com> - 1:9.0.62-6
- Resolves: #2173874 Tomcat installs older java even though newer java is installed
- Sync with rhel-8.8.0 branch
* Thu Feb 16 2023 Coty Sutherland <csutherl@redhat.com> - 1:9.0.62-5
- Related: #2160455 Add conflicts to subpackage
* Wed Feb 15 2023 Hui Wang <huwang@redhat.com> - 1:9.0.62-4
- Resolves: #2160455 Add Tomcat 9 to RHEL8
|