-
Mon Jan 29 2024 Darren Archibald <darren.archibald@oracle.com> - 1:9.0.62-27.3
- tomcat: HTTP request smuggling via malformed trailer headers (CVE-2023-46589)
-
Wed Jan 10 2024 Alan Steinberg <alan.steinberg@oracle.com> - 1:9.0.62-27.2
- Open Redirect vulnerability in FORM authentication (CVE-2023-41080)
- FileUpload: DoS due to accumulation of temporary files on Windows (CVE-2023-42794)
- improper cleaning of recycled objects could lead to information leak (CVE-2023-42795)
- incorrectly parsed http trailer headers can cause request smuggling (CVE-2023-45648)
-
Fri Oct 13 2023 Hui Wang <huwang@redhat.com> - 1:9.0.62-27
- Related: RHEL-12543
- Bump release number
-
Thu Oct 12 2023 Hui Wang <huwang@redhat.com> - 1:9.0.62-16
- Resolves: RHEL-12543 HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)
- Remove JDK subpackges which are unused
-
Fri Sep 08 2023 Hui Wang <huwang@redhat.com> - 1:9.0.62-14
- Related: RHEL-2330 Bump release number
-
Thu Sep 07 2023 Hui Wang <huwang@redhat.com> - 1:9.0.62-13
- Resolves: RHEL-2330 Revert the fix for pki-servlet-engine
-
Fri Aug 25 2023 Coty Sutherland <csutherl@redhat.com> - 1:9.0.62-12
- Related: #2184135 Declare file conflicts
-
Fri Aug 25 2023 Coty Sutherland <csutherl@redhat.com> - 1:9.0.62-11
- Resolves: #2184135 Fix bug introduced in initial commit
-
Fri Aug 18 2023 Hui Wang <huwang@redhat.com> - 1:9.0.62-10
- Resolves: #2210630 CVE-2023-28709 tomcat
- Resolves: #2181448 CVE-2023-28708 tomcat: not including the secure attribute causes information disclosure
-
Thu Aug 17 2023 Hui Wang <huwang@redhat.com> - 1:9.0.62-9
- Resolves: #2184135 Add Obsoletes to tomcat package