-
Tue Mar 05 2024 Pooja Senthil Kumar <pooja.senthil.kumar@oracle.com> - 1:9.0.62-37.el9_3.2
- Resolves: #2252050 HTTP request smuggling via malformed trailer headers (CVE-2023-46589)
-
Wed Jan 24 2024 Kevin Lyons <kevin.x.lyons@oracle.com> 1:9.0.62-37.el9_3.1
- Resolves: #2235370 CVE-2023-41080 tomcat: Open Redirect vulnerability in FORM authentication
- Resolves: #2243749 CVE-2023-45648 tomcat: incorrectly parsed http trailer headers can cause request smuggling
- Resolves: #2243751 CVE-2023-42794 tomcat: FileUpload: DoS due to accumulation of temporary files on Windows
- Resolves: #2243752 CVE-2023-42795 tomcat: improper cleaning of recycled objects could lead to information leak
-
Fri Oct 13 2023 Hui Wang <huwang@redhat.com> - 1:9.0.62-37
- Resolves: RHEL-12551
- Remove JDK subpackges which are unused
-
Fri Aug 25 2023 Coty Sutherland <csutherl@redhat.com> - 1:9.0.62-16
- Related: #2184133 Declare file conflicts
-
Fri Aug 25 2023 Coty Sutherland <csutherl@redhat.com> - 1:9.0.62-15
- Resolves: #2184133 Fix bug in Obsoletes
-
Tue Aug 01 2023 Hui Wang <huwang@redhat.com> - 1:9.0.62-14
- Resolves: #2210632 CVE-2023-28709 tomcat
-
Wed Jul 26 2023 Hui Wang <huwang@redhat.com> - 1:9.0.62-13
- Resolves: #2189675 Missing Tomcat POM files in RHEL 9.3
-
Wed Jun 21 2023 Hui Wang <huwang@redhat.com> - 1:9.0.62-12
- Resolves: #2189675 Missing Tomcat POM files in RHEL 9.3
- Resolves: #2173872 Remove java-11-openjdk-headles as a tomcat dependency
- Resolves: #2181461 CVE-2023-28708 tomcat: not including the secure attribute causes information
- Resolves: #2210632 CVE-2023-28709
- Resolves: #2184133 Add Obsoletes to tomcat package
- Update patch command
- Update source to include the CVE fixes
-
Thu Feb 23 2023 Hui Wang <huwang@redhat.com> - 1:9.0.62-11
- Bump release so that the NVR on RHEL-9 is higher than RHEL-8
-
Wed Feb 15 2023 Hui Wang <huwang@redhat.com> - 1:9.0.62-4
- Bump release to run the tier1 test