[ All 3 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z ]
×

Package tomcat-1:9.0.87-1.el8_10.3.noarch download

Name tomcat
Epoch 1
Version 9.0.87
Release 1.el8_10.3
Architecture noarch
Website/URL http://tomcat.apache.org/
License ASL 2.0
Build Time 2025-04-09 09:04:51
Build Host builder-x86-11.inferitos.ru
Summary Apache Servlet/JSP Engine, RI for Servlet 4.0/JSP 2.3 API
Repositories AppStream
Description Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world.
Errata INFSA-2025:3683
Size 93 KiB
Source Project tomcat-9.0.87-1.el8_10.3
SHA-256 checksum d5142dca6a1f268ef8310756e4cbeae4c5798d5b443db1bc5275fe253886851e
× Full screenshot
Changelog link 
* Wed Apr 02 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-1.el8_10.3
- Resolves: RHEL-82934
  tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT (CVE-2025-24813)
- Resolves: RHEL-71708
  tomcat: RCE due to TOCTOU issue in JSP compilation (CVE-2024-50379)

* Thu Aug 08 2024 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-1.el8_10.2
- Resolves: RHEL-46167
  tomcat: Improper Handling of Exceptional Conditions (CVE-2024-34750)

* Mon Jun 03 2024 Sokratis Zappis <szappis@redhat.com> - 1:9.0.87-1.el8_10.1
- Resolves: RHEL-38548 - Amend tomcat package's changelog so that fixed CVEs are mentioned explicitly
- Resolves: RHEL-35813 - Rebase tomcat to version 9.0.87
- Resolves: RHEL-29255
  tomcat: Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672)
- Resolves: RHEL-29250
  tomcat: Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549)

* Fri Jan 19 2024 Hui Wang <huwang@redhat.com> - 1:9.0.62-30
- Resolves: RHEL-6971

* Thu Jan 18 2024 Hui Wang <huwang@redhat.com> - 1:9.0.62-29
- Resolves: RHEL-17602
  tomcat: HTTP request smuggling via malformed trailer headers (CVE-2023-46589)
- tomcat: Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549)

* Thu Nov 23 2023 Hui Wang <huwang@redhat.com> - 1:9.0.62-28
- Resolves: RHEL-13907
  tomcat: incorrectly parsed http trailer headers can cause request smuggling (CVE-2023-45648)
- Resolves: RHEL-13904
  tomcat: improper cleaning of recycled objects could lead to information leak (CVE-2023-42795)
- Resolves: RHEL-12951
  tomcat: FileUpload: DoS due to accumulation of temporary files on Windows (CVE-2023-42794)
- Resolves: RHEL-12544
  tomcat: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
- Resolves: RHEL-2386
  tomcat: Open Redirect vulnerability in FORM authentication (CVE-2023-41080)

* Fri Oct 13 2023 Hui Wang <huwang@redhat.com> - 1:9.0.62-27
- Related: RHEL-12543
  tomcat: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
- Bump release number

* Thu Oct 12 2023 Hui Wang <huwang@redhat.com> - 1:9.0.62-16
- Resolves: RHEL-12543
  tomcat: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
- Remove JDK subpackges which are unused

* Fri Sep 08 2023 Hui Wang <huwang@redhat.com> - 1:9.0.62-14
- Related: RHEL-2330 Bump release number

* Thu Sep 07 2023 Hui Wang <huwang@redhat.com> - 1:9.0.62-13
- Resolves: RHEL-2330 Revert the fix for pki-servlet-engine