-
Tue Sep 03 2019 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-10
- Resolves: rhbz#1748541 Bump tomcat release number
-
Tue Feb 12 2019 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-9
- Resolves: rhbz#1641873 CVE-2018-11784 tomcat: Open redirect in default servlet
- Resolves: rhbz#1552375 CVE-2018-1304 tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources
- Resolves: rhbz#1552374 CVE-2018-1305 tomcat: Late application of security constraints can lead to resource exposure for unauthorised users
- Resolves: rhbz#1590182 CVE-2018-8014 tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins
- Resolves: rhbz#1608609 CVE-2018-8034 tomcat: host name verification missing in WebSocket client
- Resolves: rhbz#1588703 Backport of Negative maxCookieCount value causes exception for Tomcat
- Resolves: rhbz#1472950 shutdown_wait option is not working for Tomcat
- Resolves: rhbz#1455483 Add support for characters "<" and ">" to the possible whitelist values
-
Fri Oct 12 2018 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-8
- Resolves: rhbz#1608607 CVE-2018-1336 tomcat: A bug in the UTF 8 decoder can lead to DoS
-
Tue Jul 24 2018 Jean-Frederic Clere <jclere@redhat.com> 0:7.0.76-7
- Resolves: rhbz#1602060 Deadlock occurs while sending to a closing session
-
Wed Nov 08 2017 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-6
- Related: rhbz#1505762 Remove erroneous useradd
-
Tue Nov 07 2017 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-5
- Resolves: rhbz#1485453 man page uid and gid mismatch for service accounts
- Resolves: rhbz#1505762 Problem to start tomcat with a user whose group has a name different to the user
-
Mon Nov 06 2017 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-3
- Resolves: rhbz#1498343 CVE-2017-12615 CVE-2017-12617 tomcat: various flaws
- Resolves: rhbz#1495655 CVE-2017-7674 tomcat: Vary header not added by CORS filter leading to cache poisoning
- Resolves: rhbz#1470597 CVE-2017-5647 Add follow up revision
-
Thu Jun 08 2017 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-2
- Resolves: rhbz#1459747 CVE-2017-5664 tomcat: Security constrained bypass in error page mechanism
- Resolves: rhbz#1441481 CVE-2017-5647 tomcat: Incorrect handling of pipelined requests when send file was used
-
Wed Mar 29 2017 Coty Sutherland <csutherl@redhat.com> - 0:7.0.76-1
- Resolves: rhbz#1414895 Rebase tomcat to the current release
-
Thu Aug 25 2016 Coty Sutherland <csutherl@redhat.com> - 0:7.0.69-10
- Related: rhbz#1368122
-
Tue Aug 23 2016 Coty Sutherland <csutherl@redhat.com> - 0:7.0.69-9
- Resolves: rhbz#1362213 Tomcat: CGI sets environmental variable based on user supplied Proxy request header
- Resolves: rhbz#1368122
-
Wed Aug 03 2016 Coty Sutherland <csutherl@redhat.com> - 0:7.0.69-7
- Resolves: rhbz#1362545
-
Fri Jul 08 2016 Coty Sutherland <csutherl@redhat.com> - 0:7.0.69-6
- Related: rhbz#1201409 Added /etc/sysconfig/tomcat to the systemd unit for tomcat-jsvc.service
-
Fri Jul 01 2016 Coty Sutherland <csutherl@redhat.com> - 0:7.0.69-5
- Resolves: rhbz#1347860 The systemd service unit does not allow tomcat to shut down gracefully
-
Mon Jun 27 2016 Coty Sutherland <csutherl@redhat.com> - 0:7.0.69-4
- Resolves: rhbz#1350438 CVE-2016-3092 tomcat: Usage of vulnerable FileUpload package can result in denial of service
-
Fri Jun 17 2016 Coty Sutherland <csutherl@redhat.com> - 0:7.0.69-3
- Resolves: rhbz#1347774 The security manager doesn't work correctly (JSPs cannot be compiled)
-
Tue Jun 07 2016 Coty Sutherland <csutherl@redhat.com> - 0:7.0.69-2
- Rebase Resolves: rhbz#1311622 Getting NoSuchElementException while handling attributes with empty string value in tomcat
- Rebase Resolves: rhbz#1320853 Add HSTS support
- Rebase Resolves: rhbz#1293292 CVE-2014-7810 tomcat: Tomcat/JBossWeb: security manager bypass via EL expressions
- Rebase Resolves: rhbz#1347144 CVE-2016-0706 tomcat: security manager bypass via StatusManagerServlet
- Rebase Resolves: rhbz#1347139 CVE-2015-5346 tomcat: Session fixation
- Rebase Resolves: rhbz#1347136 CVE-2015-5345 tomcat: directory disclosure
- Rebase Resolves: rhbz#1347129 CVE-2015-5174 tomcat: URL Normalization issue
- Rebase Resolves: rhbz#1347146 CVE-2016-0763 tomcat: security manager bypass via setGlobalContext()
- Rebase Resolves: rhbz#1347142 CVE-2016-0714 tomcat: Security Manager bypass via persistence mechanisms
- Rebase Resolves: rhbz#1347133 CVE-2015-5351 tomcat: CSRF token leak
-
Mon Jun 06 2016 Coty Sutherland <csutherl@redhat.com> - 0:7.0.69-1
- Resolves: rhbz#1287928 Rebase to tomcat 7.0.69
- Resolves: rhbz#1327326 rpm -V tomcat fails on /var/log/tomcat/catalina.out
- Resolves: rhbz#1277197 tomcat user has non-existing default shell set
- Resolves: rhbz#1240279 The command tomcat-digest doesn't work with RHEL 7
- Resolves: rhbz#1229476 Tomcat startup ONLY options
- Resolves: rhbz#1133070 Need to include full implementation of tomcat-juli.jar and tomcat-juli-adapters.jar
- Resolves: rhbz#1201409 Fix the broken tomcat-jsvc service unit
- Resolves: rhbz#1221896 tomcat.service loads /etc/sysconfig/tomcat without shell expansion
- Resolves: rhbz#1208402 Mark web.xml in tomcat-admin-webapps as config file
-
Tue Mar 24 2015 David Knox <dknox@redhat.com> - 0:7.0.54-2
- Resolves: CVE-2014-0227
-
Wed Sep 17 2014 David Knox <dknox@redhat.com> - 0:7.0.54-1
- Resolves: rhbz#1141372 - Remove systemv artifacts. Add new systemd
- artifacts. Rebase on 7.0.54.
-
Wed Jun 18 2014 David Knox <dknox@redhat.com> - 0:7.0.43-6
- Resolves: CVE-2014-0099
- Resolves: CVE-2014-0096
- Resolves: CVE-2014-0075
-
Wed Apr 16 2014 David Knox <dknox@redhat.com> - 0:7.0.42-5
- Related: CVE-2013-4286
- Related: CVE-2013-4322
- Related: CVE-2014-0050
- revisit patches for above.
-
Thu Mar 20 2014 David Knox <dknox@redhat.com> - 0:7.0.42-4
- Related: rhbz#1056696 correct packaging for sbin tomcat
-
Thu Mar 20 2014 David Knox <dknox@redhat.com> - 0:7.0.42-3
- Related: CVE-2013-4286. increment build number. missed doing
- it.
- Resolves: rhbz#1038183 remove BR for ant-nodeps. it's
- no long used.
-
Wed Jan 22 2014 David Knox <dknox@redhat.com> - 0:7.0.42-2
- Resolves: rhbz#1056673 Invocation of useradd with shell
- other than sbin nologin
- Resolves: rhbz#1056677 preun systemv scriptlet unconditionally
- stops service
- Resolves: rhbz#1056696 init.d tomcat does not conform to RHEL7
- systemd rules. systemv subpackage is removed.
- Resolves: CVE-2013-4286
- Resolves: CVE-2013-4322
- Resolves: CVE-2014-0050
- Built for rhel-7 RC
-
Tue Jan 21 2014 David Knox <dknox@redhat.com> - 0:7.0.42-1
- Resolves: rhbz#1051657 update to 7.0.42. Ant-nodeps is
- deprecated.
-
Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 07.0.40-3
- Mass rebuild 2013-12-27
-
Sat May 11 2013 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.40-1
- Updated to 7.0.40
- Resolves: rhbz 956569 added missing commons-pool link
-
Mon Mar 04 2013 Mikolaj Izdebski <mizdebsk@redhat.com> - 0:7.0.37-2
- Add depmaps for org.eclipse.jetty.orbit
- Resolves: rhbz#917626
-
Wed Feb 20 2013 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.39-1
- Updated to 7.0.39
-
Wed Feb 20 2013 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.37-1
- Updated to 7.0.37
-
Mon Feb 04 2013 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.35-1
- Updated to 7.0.35
- systemd SuccessExitStatus=143 for proper stop exit code processing
-
Mon Dec 24 2012 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.34-1
- Updated to 7.0.34
- ecj >= 4.2.1 now required
- Resolves: rhbz 889395 concat classpath correctly; chdir to $CATALINA_HOME
-
Fri Dec 07 2012 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.33-2
- Resolves: rhbz 883806 refix logdir ownership
-
Sun Dec 02 2012 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.33-1
- Updated to 7.0.33
- Resolves: rhbz 873620 need chkconfig for update-alternatives
-
Wed Oct 17 2012 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.32-1
- Updated to 7.0.32
- Resolves: rhbz 842620 symlinks to taglibs
-
Fri Aug 24 2012 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.29-1
- Updated to 7.0.29
- Add pidfile as tmpfile
- Use systemd for running as unprivileged user
- Resolves: rhbz 847751 upgrade path was broken
- Resolves: rhbz 850343 use new systemd-rpm macros
-
Sat Jul 21 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0:7.0.28-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
-
Mon Jul 02 2012 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.28-1
- Updated to 7.0.28
- Resolves: rhbz 820119 Remove bundled apache-commons-dbcp
- Resolves: rhbz 814900 Added tomcat-coyote POM
- Resolves: rhbz 810775 Remove systemv stuff from %post scriptlet
- Remove redhat-lsb R
-
Mon Apr 09 2012 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.27-2
- Fixed native download hack
-
Sat Apr 07 2012 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.27-1
- Updated to 7.0.27
- Fixed jakarta-taglibs-standard BR and R
-
Wed Mar 21 2012 Stanislav Ochotnicky <sochotnicky@redhat.com> - 0:7.0.26-2
- Add more depmaps to J2EE apis to help jetty/glassfish updates
-
Wed Mar 14 2012 Juan Hernandez <juan.hernandez@redhat.com> 0:7.0.26-2
- Added the POM files for tomcat-api and tomcat-util (#803495)
-
Wed Feb 22 2012 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.26-1
- Updated to 7.0.26
- Bug 790334: Change ownership of logdir for logrotate
-
Thu Feb 16 2012 Krzysztof Daniel <kdaniel@redhat.com> 0:7.0.25-4
- Bug 790694: Priorities of jsp, servlet and el packages updated.
-
Wed Feb 08 2012 Krzysztof Daniel <kdaniel@redhat.com> 0:7.0.25-3
- Dropped indirect dependecy to tomcat 5
-
Sun Jan 22 2012 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.25-2
- Added hack for maven depmap of tomcat-juli absolute link [ -f ] pass correctly
-
Sat Jan 21 2012 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.25-1
- Updated to 7.0.25
- Removed EntityResolver patch (changes already in upstream sources)
- Place poms and depmaps in the same package as jars
- Added javax.servlet.descriptor to export-package of servlet-api
- Move several chkconfig actions and reqs to systemv subpackage
- New maven depmaps generation method
- Add patch to support java7. (patch sent upstream).
- Require java >= 1:1.6.0
-
Fri Jan 13 2012 Krzysztof Daniel <kdaniel@redhat.com> 0:7.0.23-5
- Exported javax.servlet.* packages in version 3.0 as 2.6 to make
servlet-api compatible with Eclipse.
-
Thu Jan 12 2012 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.23-4
- Move jsvc support to subpackage
-
Wed Jan 11 2012 Alexander Kurtakov <akurtako@redhat.com> 0:7.0.23-2
- Add EntityResolver setter patch to jasper for jetty's need. (patch sent upstream).
-
Mon Dec 12 2011 Joseph D. Wagner <joe@josephdwagner.info> 0:7.0.23-3
- Added support to /usr/sbin/tomcat-sysd and /usr/sbin/tomcat for
starting tomcat with jsvc, which allows tomcat to perform some
privileged operations (e.g. bind to a port < 1024) and then switch
identity to a non-privileged user. Must add USE_JSVC="true" to
/etc/tomcat/tomcat.conf or /etc/sysconfig/tomcat.
-
Mon Nov 28 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.23-1
- Updated to 7.0.23
-
Fri Nov 11 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.22-2
- Move tomcat-juli.jar to lib package
- Drop %update_maven_depmap as in tomcat6
- Provide native systemd unit file ported from tomcat6
-
Thu Oct 06 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.22-1
- Updated to 7.0.22
-
Mon Oct 03 2011 Rex Dieter <rdieter@fedoraproject.org> - 0:7.0.21-3.1
- rebuild (java), rel-eng#4932
-
Mon Sep 26 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.21-3
- Fix basedir mode
-
Tue Sep 20 2011 Roland Grunberg <rgrunber@redhat.com> 0:7.0.21-2
- Add manifests for el-api, jasper-el, jasper, tomcat, and tomcat-juli.
-
Thu Sep 08 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.21-1
- Updated to 7.0.21
-
Mon Aug 15 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.20-3
- Require java = 1:1.6.0
-
Mon Aug 15 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.20-2
- Require java < 1.7.0
-
Mon Aug 15 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.20-1
- Updated to 7.0.20
-
Tue Jul 26 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.19-1
- Updated to 7.0.19
-
Tue Jun 21 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.16-1
- Updated to 7.0.16
-
Mon Jun 06 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.14-3
- Added initial systemd service
- Fix some paths
-
Sat May 21 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.14-2
- Fixed http source link
- Securify some permissions
- Added licenses for el-api and servlet-api
- Added dependency on jpackage-utils for the javadoc subpackage
-
Sat May 14 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.14-1
- Updated to 7.0.14
-
Thu May 05 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.12-4
- Provided local paths for libs
- Fixed dependencies
- Fixed update temp/work cleanup
-
Mon May 02 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.12-3
- Fixed package groups
- Fixed some permissions
- Fixed some links
- Removed old tomcat6 crap
-
Thu Apr 28 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.12-2
- Package now named just tomcat instead of tomcat7
- Removed Provides: tomcat-log4j
- Switched to apache-commons-* names instead of jakarta-commons-* .
- Remove the old changelog
- BR/R java >= 1:1.6.0 , same for java-devel
- Removed old tomcat6 crap
-
Wed Apr 27 2011 Ivan Afonichev <ivan.afonichev@gmail.com> 0:7.0.12-1
- Tomcat7