[ol10_appstream] tomcat9-servlet-4.0-api-1:9.0.87-8.el10.noarch

Apache Tomcat Servlet API Implementation Classes.

Changelog (Show File list) (Show related packages)

• Mon Aug 18 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-8

  - Resolves: RHEL-102186
    tomcat: http/2 "MadeYouReset" DoS attack through HTTP/2 control frames (CVE-2025-48989)

• Wed Aug 13 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-7

  - Resolves: RHEL-108485
    tomcat: Apache Commons FileUpload DOS via part headers (CVE-2025-48976)
  - Resolves: RHEL-108493
    tomcat: Dos in multipart upload (CVE-2025-48988)
  - Resolves: RHEL-108501
    tomcat: Security constraint bypass for pre/post-resources (CVE-2025-49125)
  - Resolves: RHEL-108509
    tomcat: Denial of service (CVE-2025-52434)
  - Resolves: RHEL-108522
    tomcat: Denial of service (CVE-2025-52520)
  - Resolves: RHEL-108517
    tomcat: Denial of service (CVE-2025-53506)

• Mon May 26 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-5.el10_0.1

  - Resolves: RHEL-91750
    tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame (CVE-2025-31650)
  - Resolves: RHEL-94960
    tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation (CVE-2024-56337)

• Mon Apr 14 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-5

  - Resolves: RHEL-82927
    tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT (CVE-2025-24813)

• Thu Feb 13 2025 Joe Orton <jorton@redhat.com> - 1:9.0.87-4

  - add Obsoletes to aid upgrade path from tomcat-9.x
    Resolves: RHEL-79313

• Mon Feb 03 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-3

  - Resolves: RHEL-77325 Missing conflicts in spec file

• Fri Jan 24 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-2

  - Initial commit on c10s
    Resolves: RHEL-69841
  - tomcat: RCE due to TOCTOU issue in JSP compilation (CVE-2024-50379)