Wed Sep 23 2020 Hui Wang <huwang@redhat.com> 0:7.0.76-16
- Resolves: rhbz#1814315 CVE-2020-1935 tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling
-
Fri Jul 17 2020 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-15
- Resolves: CVE-2020-13935 tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS
-
Thu May 21 2020 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-14
- Revert rhbz#1814315 because it caused other issues with ipa-server, see rhbz#1831127
- Resolves: CVE-2020-9484 tomcat: Apache Tomcat Remote Code Execution via session persistence
-
Wed May 06 2020 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-13
- Revert rhbz#1367492 because it caused issues with ipa-server, see rhbz#1831127
-
Fri Apr 24 2020 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-12
- Resolves: rhbz#1367492 harden package permissions
- Resolves: rhbz#1523112 tomcat systemd does not cope with - in service names
- Resolves: rhbz#1629162 tomcat-dbcp.jar is missing from tomcat package
- Resolves: rhbz#1822453 Tomcat parses a request having an absolute URI path incorrectly and returns 404 Not Found
- Resolves: rhbz#1795645 connection leak with StatementCache, SlowQueryReport or StatementDecoratorInterceptor
- Resolves: CVE-2019-17563 tomcat: session fixation when using FORM authentication
-
Tue Mar 03 2020 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-11
- CVE-2020-1938 tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability
-
Tue Sep 03 2019 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-10
- Resolves: rhbz#1748541 Bump tomcat release number
-
Tue Feb 12 2019 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-9
- Resolves: rhbz#1641873 CVE-2018-11784 tomcat: Open redirect in default servlet
- Resolves: rhbz#1552375 CVE-2018-1304 tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources
- Resolves: rhbz#1552374 CVE-2018-1305 tomcat: Late application of security constraints can lead to resource exposure for unauthorised users
- Resolves: rhbz#1590182 CVE-2018-8014 tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins
- Resolves: rhbz#1608609 CVE-2018-8034 tomcat: host name verification missing in WebSocket client
- Resolves: rhbz#1588703 Backport of Negative maxCookieCount value causes exception for Tomcat
- Resolves: rhbz#1472950 shutdown_wait option is not working for Tomcat
- Resolves: rhbz#1455483 Add support for characters "<" and ">" to the possible whitelist values
-
Fri Oct 12 2018 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-8
- Resolves: rhbz#1608607 CVE-2018-1336 tomcat: A bug in the UTF-8 decoder can lead to DoS
-
Tue Jul 24 2018 Jean-Frederic Clere <jclere@redhat.com> 0:7.0.76-7
- Resolves: rhbz#1602060 Deadlock occurs while sending to a closing session