Changelog for
tomcat-docs-webapp-9.0.87-1.el8_10.2.noarch.rpm :
* Thu Aug 08 2024 Adam Krajcik
- 1:9.0.87-1.el8_10.2- Resolves: RHEL-46167 tomcat: Improper Handling of Exceptional Conditions (CVE-2024-34750)
* Mon Jun 03 2024 Sokratis Zappis - 1:9.0.87-1.el8_10.1- Resolves: RHEL-38548 - Amend tomcat package\'s changelog so that fixed CVEs are mentioned explicitly- Resolves: RHEL-35813 - Rebase tomcat to version 9.0.87- Resolves: RHEL-29255 tomcat: Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672)- Resolves: RHEL-29250 tomcat: Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549)
* Fri Jan 19 2024 Hui Wang - 1:9.0.62-30- Resolves: RHEL-6971
* Thu Jan 18 2024 Hui Wang - 1:9.0.62-29- Resolves: RHEL-17602 tomcat: HTTP request smuggling via malformed trailer headers (CVE-2023-46589)- tomcat: Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549)
* Thu Nov 23 2023 Hui Wang - 1:9.0.62-28- Resolves: RHEL-13907 tomcat: incorrectly parsed http trailer headers can cause request smuggling (CVE-2023-45648)- Resolves: RHEL-13904 tomcat: improper cleaning of recycled objects could lead to information leak (CVE-2023-42795)- Resolves: RHEL-12951 tomcat: FileUpload: DoS due to accumulation of temporary files on Windows (CVE-2023-42794)- Resolves: RHEL-12544 tomcat: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)- Resolves: RHEL-2386 tomcat: Open Redirect vulnerability in FORM authentication (CVE-2023-41080)
* Fri Oct 13 2023 Hui Wang - 1:9.0.62-27- Related: RHEL-12543 tomcat: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)- Bump release number
* Thu Oct 12 2023 Hui Wang - 1:9.0.62-16- Resolves: RHEL-12543 tomcat: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)- Remove JDK subpackges which are unused
* Fri Sep 08 2023 Hui Wang - 1:9.0.62-14- Related: RHEL-2330 Bump release number
* Thu Sep 07 2023 Hui Wang - 1:9.0.62-13- Resolves: RHEL-2330 Revert the fix for pki-servlet-engine
* Fri Aug 25 2023 Coty Sutherland - 1:9.0.62-12- Related: #2184135 Declare file conflicts
* Fri Aug 25 2023 Coty Sutherland - 1:9.0.62-11- Resolves: #2184135 Fix bug introduced in initial commit
* Fri Aug 18 2023 Hui Wang - 1:9.0.62-10- Resolves: #2210630 CVE-2023-28709 tomcat- Resolves: #2181448 CVE-2023-28708 tomcat: not including the secure attribute causes information disclosure- tomcat: Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998) tomcat: JsonErrorReportValve injection (CVE-2022-45143) tomcat: request smuggling (CVE-2022-42252) tomcat: local privilege escalation vulnerability (CVE-2022-23181)
* Thu Aug 17 2023 Hui Wang - 1:9.0.62-9- Resolves: #2184135 Add Obsoletes to tomcat package
* Thu Aug 17 2023 Hui Wang - 1:9.0.62-8- Resolves: #2189676 Missing Tomcat POM files in RHEL 8.9
* Tue Aug 15 2023 Hui Wang - 1:9.0.62-7- Related: #2173874 Tomcat installs older java even though newer java is installed- Bump release number
* Fri Aug 11 2023 Hui Wang - 1:9.0.62-6- Resolves: #2173874 Tomcat installs older java even though newer java is installed- Sync with rhel-8.8.0 branch
* Thu Feb 16 2023 Coty Sutherland - 1:9.0.62-5- Related: #2160455 Add conflicts to subpackage
* Wed Feb 15 2023 Hui Wang - 1:9.0.62-4- Resolves: #2160455 Add Tomcat 9 to RHEL8