-
Thu Aug 21 2025 Craig Guiller <craig.guiller@oracle.com> - 1:9.0.87-5.3
- Resolves:
tomcat: HTTP/2 "MadeYouReset" DoS attack through HTTP/2 control frames (CVE-2025-48989)
- Resolves:
tomcat: Apache Commons FileUpload DoS via part headers (CVE-2025-48976)
- Resolves:
tomcat: DoS in multipart upload (CVE-2025-48988)
- Resolves:
tomcat: Security constraint bypass for pre/post-resources (CVE-2025-49125)
- Resolves:
tomcat: Denial of service (CVE-2025-52434)
- Resolves:
tomcat: Denial of service (CVE-2025-52520)
- Resolves:
tomcat: Denial of service (CVE-2025-53506)
-
Wed Jul 16 2025 Pooja Senthil Kumar <pooja.senthil.kumar@oracle.com> - 1:9.0.87-5.1
- Resolves: RHEL-91765
tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame (CVE-2025-31650)
- Resolves: RHEL-71981
tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation (CVE-2024-56337)
-
Mon Apr 14 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-5
- Resolves: RHEL-82927
tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT (CVE-2025-24813)
-
Thu Feb 13 2025 Joe Orton <jorton@redhat.com> - 1:9.0.87-4
- add Obsoletes to aid upgrade path from tomcat-9.x
Resolves: RHEL-79313
-
Mon Feb 03 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-3
- Resolves: RHEL-77325 Missing conflicts in spec file
-
Fri Jan 24 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-2
- Initial commit on c10s
Resolves: RHEL-69841
- tomcat: RCE due to TOCTOU issue in JSP compilation (CVE-2024-50379)