Проект tomcat9-1:9.0.87-8.el10 content_copy

×

* Mon Aug 18 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-8
- Resolves: RHEL-102186
  tomcat: http/2 "MadeYouReset" DoS attack through HTTP/2 control frames (CVE-2025-48989)

* Wed Aug 13 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-7
- Resolves: RHEL-108485
  tomcat: Apache Commons FileUpload DOS via part headers (CVE-2025-48976)
- Resolves: RHEL-108493
  tomcat: Dos in multipart upload (CVE-2025-48988)
- Resolves: RHEL-108501
  tomcat: Security constraint bypass for pre/post-resources (CVE-2025-49125)
- Resolves: RHEL-108509
  tomcat: Denial of service (CVE-2025-52434)
- Resolves: RHEL-108522
  tomcat: Denial of service (CVE-2025-52520)
- Resolves: RHEL-108517
  tomcat: Denial of service (CVE-2025-53506)

* Mon May 26 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-5.el10_0.1
- Resolves: RHEL-91750
  tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame (CVE-2025-31650)
- Resolves: RHEL-94960
  tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation (CVE-2024-56337)

* Mon Apr 14 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-5
- Resolves: RHEL-82927
  tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT (CVE-2025-24813)

* Fri Mar 21 2025 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 1:9.0.87-4
- Rebuilt for MSVSphere 10

* Thu Feb 13 2025 Joe Orton <jorton@redhat.com> - 1:9.0.87-4
- add Obsoletes to aid upgrade path from tomcat-9.x
  Resolves: RHEL-79313

* Mon Feb 03 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-3
- Resolves: RHEL-77325 Missing conflicts in spec file

* Fri Jan 24 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-2
- Initial commit on c10s
  Resolves: RHEL-69841
- tomcat: RCE due to TOCTOU issue in JSP compilation (CVE-2024-50379)