-
Thu Aug 08 2024 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-1.el9_4.2
- Resolves: RHEL-46162
tomcat: Improper Handling of Exceptional Conditions (CVE-2024-34750)
-
Fri May 03 2024 Sokratis Zappis <szappis@redhat.com> - 1:9.0.87-1.el9_4.1
- Resolves: RHEL-34815 - Rebase tomcat to version 9.0.87
- Resolves: RHEL-31048
tomcat: Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672)
- Resolves: RHEL-31032
tomcat: : Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549)
- Resolves: RHEL-35328 - Amend tomcat's changelog
(CVE-2023-46589, CVE-2023-45648, CVE-2023-42795, CVE-2023-42794, CVE-2023-44487, CVE-2023-41080)
-
Thu Jan 18 2024 Hui Wang <huwang@redhat.com> - 1:9.0.62-39
- Resolves: RHEL-17605
-
Thu Nov 23 2023 Hui Wang <huwang@redhat.com> - 1:9.0.62-38
- Resolves: RHEL-13908
tomcat: incorrectly parsed http trailer headers can cause request smuggling (CVE-2023-45648)
- Resolves: RHEL-13905
tomcat: improper cleaning of recycled objects could lead to information leak (CVE-2023-42795)
- Resolves: RHEL-12952
tomcat: FileUpload: DoS due to accumulation of temporary files on Windows (CVE-2023-42794)
- Resolves: RHEL-12552
tomcat: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
- Resolves: RHEL-2388
tomcat: Open Redirect vulnerability in FORM authentication (CVE-2023-41080)
-
Fri Oct 13 2023 Hui Wang <huwang@redhat.com> - 1:9.0.62-37
- Resolves: RHEL-12551
tomcat: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
- Remove JDK subpackges which are unused
-
Fri Aug 25 2023 Coty Sutherland <csutherl@redhat.com> - 1:9.0.62-16
- Related: #2184133 Declare file conflicts
-
Fri Aug 25 2023 Coty Sutherland <csutherl@redhat.com> - 1:9.0.62-15
- Resolves: #2184133 Fix bug in Obsoletes
-
Tue Aug 01 2023 Hui Wang <huwang@redhat.com> - 1:9.0.62-14
- Resolves: #2210632 CVE-2023-28709 tomcat
-
Wed Jul 26 2023 Hui Wang <huwang@redhat.com> - 1:9.0.62-13
- Resolves: #2189675 Missing Tomcat POM files in RHEL 9.3
-
Wed Jun 21 2023 Hui Wang <huwang@redhat.com> - 1:9.0.62-12
- Resolves: #2189675 Missing Tomcat POM files in RHEL 9.3
- Resolves: #2173872 Remove java-11-openjdk-headles as a tomcat dependency
- Resolves: #2181461 CVE-2023-28708 tomcat: not including the secure attribute causes information
- Resolves: #2210632 CVE-2023-28709
- Resolves: #2184133 Add Obsoletes to tomcat package
- Update patch command
- Update source to include the CVE fixes