| ID | 140438 |
| Package Name | tomcat |
| Version | 9.0.31 |
| Release | 1.fc33 |
| Epoch | 1 |
| Summary |
| Description |
| Built by | davidlt |
| State |
complete
|
| Volume |
DEFAULT |
| Started | Fri, 27 Mar 2020 09:47:28 UTC |
| Completed | Fri, 27 Mar 2020 09:47:28 UTC |
| Tags |
|
| RPMs |
|
| Changelog |
* Thu Mar 05 2020 Coty Sutherland <csutherl@redhat.com> - 1:9.0.31-1
- Update to 9.0.31
- Resolves: rhbz#1806398 - CVE-2020-1938 tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability
* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:9.0.30-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Fri Dec 20 2019 Coty Sutherland <csutherl@redhat.com> - 1:9.0.30-1
- Update to 9.0.30
* Thu Sep 26 2019 Coty Sutherland <csutherl@redhat.com> - 1:9.0.26-2
- Resolves: rhbz#1510522 man page uid and gid mismatch for service accounts
* Thu Sep 26 2019 Coty Sutherland <csutherl@redhat.com> - 1:9.0.26-1
- Update to 9.0.26
- Resolves: rhbz#1523112 tomcat systemd does not cope with - in service names
- Resolves: rhbz#1510896 Problem to start tomcat with a user whose group has a name different to the user
* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:9.0.21-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Wed Jul 17 2019 Coty Sutherland <csutherl@redhat.com> - 1:9.0.21-2
- Update build-classpath calls to ECJ to specify the JAR we want to use
* Tue Jun 18 2019 Coty Sutherland <csutherl@redhat.com> - 1:9.0.21-1
- Update to 9.0.21
* Tue Apr 02 2019 Coty Sutherland <csutherl@redhat.com> - 1:9.0.13-4
- Remove javadoc subpackage to drop the jpackage-utils dependency
* Wed Feb 20 2019 Coty Sutherland <csutherl@redhat.com> - 1:9.0.13-3
- Remove OSGi MANIFEST files, these are now included in the upstream Tomcat distribution (as of 9.0.10)
- Remove unused dependencies, apache-commons-collections, apache-commons-daemon, apache-commons-pool, junit
* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:9.0.13-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Thu Dec 13 2018 Coty Sutherland <csutherl@redhat.com> - 1:9.0.13-1
- Update to 9.0.13
- Resolves: rhbz#1636513 - CVE-2018-11784 tomcat: Open redirect in default servlet
* Sun Oct 14 2018 Peter Robinson <pbrobinson@fedoraproject.org> 1:9.0.10-2
- Drop legcy sys-v bits
* Tue Jul 31 2018 Coty Sutherland <csutherl@redhat.com> - 1:9.0.10-1
- Update to 9.0.10
- Resolves: rhbz#1624929 - CVE-2018-1336 tomcat: A bug in the UTF-8 decoder can lead to DoS
- Resolves: rhbz#1579612 - CVE-2018-8014 tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins
- Resolves: rhbz#1607586 - CVE-2018-8034 tomcat: host name verification missing in WebSocket client
- Resolves: rhbz#1607584 - CVE-2018-8037 tomcat: Due to a mishandling of close in NIO/NIO2 connectors user sessions can get mixed up
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1:9.0.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Tue May 01 2018 Coty Sutherland <csutherl@redhat.com> - 1:9.0.7-1
- Update to 9.0.7
* Thu Mar 15 2018 Coty Sutherland <csutherl@redhat.com> - 1:8.5.29-1
- Update to 8.5.29
- Resolves: rhbz#1548290 CVE-2018-1304 tomcat: Incorrect handling of empty string URL in security constraints can lead to unitended exposure of resources
- Resolves: rhbz#1548284 CVE-2018-1305 tomcat: Late application of security constraints can lead to resource exposure for unauthorised users
|
