announce  

Messages by Date

• 2025/04/28 [SECURITY] CVE-2025-31651 Apache Tomcat - Rewrite rule bypass Mark Thomas
• 2025/04/28 [SECURITY] CVE-2025-31650 Apache Tomcat - DoS via invalid HTTP prioritization header Mark Thomas
• 2025/04/09 [ANN] Apache Tomcat 9.0.104 available Rémy Maucherat
• 2025/03/11 [SECURITY] CVE-2025-24813 Potential RCE and/or information disclosure and/or information corruption with partial PUT Mark Thomas
• 2025/03/06 [ANN] Apache Tomcat 9.0.102 available Rémy Maucherat
• 2025/02/25 The future of Tomcat 9 Mark Thomas
• 2025/02/17 [ANN] Apache Tomcat 9.0.100 available Rémy Maucherat
• 2025/02/17 [ANN] Apache Tomcat 11.0.4 Available Mark Thomas
• 2025/02/10 [ANN] Apache Tomcat 11.0.3 Available Mark Thomas
• 2025/02/10 [ANN] Apache Tomcat 9.0.99 available Rémy Maucherat
• 2025/01/21 [ANN] Apache Tomcat Migration tool for Jakarta EE 1.0.9 Mark Thomas
• 2024/12/20 [SECURITY] CVE-2024-56337 Apache Tomcat - RCE via write-enabled default servlet - CVE-2024-50379 mitigation was incomplete Mark Thomas
• 2024/12/17 [SECURITY] CVE-2024-54677 Apache Tomcat - DoS in examples web application Mark Thomas
• 2024/12/17 [SECURITY] CVE-2024-50379 Apache Tomcat - RCE via write-enabled default servlet Mark Thomas
• 2024/12/09 [ANN] Apache Tomcat 9.0.98 available Rémy Maucherat
• 2024/12/09 [ANN] Apache Tomcat 11.0.2 Available Mark Thomas
• 2024/11/18 [SECURITY] CVE-2024-52316 Apache Tomcat - Authentication Bypass Mark Thomas
• 2024/11/18 [SECURITY] CVE-2024-52317 Apache Tomcat - Request and/or response mix-up Mark Thomas
• 2024/11/18 [SECURITY] CVE-2024-52318 Apache Tomcat - XSS in generated JSPs Mark Thomas
• 2024/11/18 [SECURITY] CVE-2024-52317 Apache Tomcat - Request and/or response mix-up Mark Thomas
• 2024/11/11 [ANN] Apache Tomcat 10.1.33 Available Christopher Schultz
• 2024/11/09 [ANN] Apache Tomcat 9.0.97 available Rémy Maucherat
• 2024/10/09 [ANN] Apache Tomcat 11.0.0 Available Mark Thomas
• 2024/10/08 [ANN] Apache Tomcat 9.0.96 available Rémy Maucherat
• 2024/09/23 [SECURITY] CVE-2024-38286 Apache Tomcat - Denial of Service Mark Thomas
• 2024/09/23 [SECURITY] CVE-2024-46544 Apache mod_jk - Information Disclosure / Denial of Service Mark Thomas
• 2024/09/17 [ANN] Apache Tomcat 9.0.95 available Rémy Maucherat
• 2024/09/17 [ANN] Apache Tomcat 10.1.30 Available Christopher Schultz
• 2024/09/16 [ANN] Apache Tomcat 11.0.0-M26 (beta) available Mark Thomas
• 2024/09/13 [ANN] Apache Tomcat: HTTP/2 regression in 11.0.0-M25, 10.1.29, 9.0.94 Mark Thomas
• 2024/09/11 [ANN] Apache Tomcat 10.1.29 Available Christopher Schultz
• 2024/09/11 [ANN] Apache Tomcat 9.0.94 available Rémy Maucherat
• 2024/09/10 [ANN] Apache Tomcat 11.0.0-M25 (beta) available Mark Thomas
• 2024/08/13 [ANN] Apache Tomcat Connectors 1.2.50 released Mark Thomas
• 2024/08/06 [ANN] Apache Tomcat 10.1.28 Available Christopher Schultz
• 2024/08/06 [ANN] Apache Tomcat 11.0.0-M24 (beta) available Mark Thomas
• 2024/08/05 [ANN] Apache Tomcat 9.0.93 available Rémy Maucherat
• 2024/07/24 [ANN] Apache Tomcat Native 1.3.1 released Mark Thomas
• 2024/07/24 [ANN] Apache Tomcat Native 2.0.8 released Mark Thomas
• 2024/07/12 [ANN] Apache Tomcat 10.1.26 Available Christopher Schultz
• 2024/07/08 [ANN] Apache Tomcat 9.0.91 available Rémy Maucherat
• 2024/07/05 [ANN] Apache Tomcat 11.0.0-M22 (beta) available Mark Thomas
• 2024/07/03 [SECURITY] CVE-2024-34750 Apache Tomcat - Denial of Service Mark Thomas
• 2024/06/19 [ANN] Apache Tomcat 10.1.25 Available Christopher Schultz
• 2024/06/19 [ANN] Apache Tomcat 9.0.90 available Rémy Maucherat
• 2024/06/18 [ANN] Apache Tomcat 11.0.0-M21 (beta) available Mark Thomas
• 2024/05/13 [ANN] Apache Tomcat 10.1.24 Available Christopher Schultz
• 2024/05/08 [ANN] Apache Tomcat 11.0.0-M20 (alpha) available Mark Thomas
• 2024/05/07 [ANN] Apache Tomcat 9.0.89 available Rémy Maucherat
• 2024/04/16 [ANN] Apache Tomcat 9.0.88 available Rémy Maucherat
• 2024/04/16 [ANN] Apache Tomcat 11.0.0-M19 (alpha) available Rémy Maucherat
• 2024/03/26 [ANN] Apache Tomcat 10.1.20 Available Christopher Schultz
• 2024/03/25 [ANN] Apache Tomcat 8.5.100 Available Christopher Schultz
• 2024/03/14 [ANN] Apache Tomcat 9.0.87 available Rémy Maucherat
• 2024/03/14 [ANN] Apache Tomcat 11.0.0-M18 (alpha) available Mark Thomas
• 2024/03/13 [SECURITY] CVE-2024-23672 Apache Tomcat - Denial of Service Mark Thomas
• 2024/03/13 [SECURITY] CVE-2024-24549 Apache Tomcat - Denial of Service Mark Thomas
• 2024/02/19 [ANN] Apache Tomcat 8.5.99 Available Christopher Schultz
• 2024/02/19 [ANN] Apache Tomcat 9.0.86 available Rémy Maucherat
• 2024/02/13 [ANN] Apache Tomcat Native 1.3.0 released Mark Thomas
• 2024/02/13 [ANN] Apache Tomcat Native 2.0.7 released Mark Thomas
• 2024/01/19 Re: [SECURITY] CVE-2024-21733 Apache Tomcat - Information Disclosure Mark Thomas
• 2024/01/19 [SECURITY] CVE-2024-21733 Apache Tomcat - Information Disclosure Mark Thomas
• 2024/01/09 [ANN] Apache Tomcat 9.0.85 available Rémy Maucherat
• 2024/01/09 [ANN] Apache Tomcat 11.0.0-M16 (alpha) available Mark Thomas
• 2024/01/09 Apache Tomcat 8.5.98 Available Christopher Schultz
• 2024/01/09 Apache Tomcat 10.1.18 Available Christopher Schultz
• 2023/12/12 [ANN] Apache Tomcat 9.0.84 available Rémy Maucherat
• 2023/12/12 [ANN] Apache Tomcat 11.0.0-M15 (alpha) available Mark Thomas
• 2023/12/12 [ANN] Apache Tomcat 8.5.97 available Christopher Schultz
• 2023/12/12 Apache Tomcat 10.1.17 Available Christopher Schultz
• 2023/11/28 [SECURITY] CVE-2023-46589 Apache Tomcat - Request Smuggling Mark Thomas
• 2023/11/15 [ANN] Apache Tomcat 11.0.0-M14 (alpha) available Mark Thomas
• 2023/11/15 [ANN] Apache Tomcat 9.0.83 available Rémy Maucherat
• 2023/11/14 [ANN] Apache Tomcat 10.1.16 available Christopher Schultz
• 2023/11/14 [ANN] Apache Tomcat 8.5.96 available Christopher Schultz
• 2023/10/16 [ANN] Apache Tomcat 8.5.95 available Christopher Schultz
• 2023/10/16 [ANN] Apache Tomcat 10.1.15 available Christopher Schultz
• 2023/10/14 [ANN] Apache Tomcat 11.0.0-M13 (alpha) available Mark Thomas
• 2023/10/13 [ANN] Apache Tomcat 9.0.82 available Rémy Maucherat
• 2023/10/10 [SECURITY] CVE-2023-45648 Apache Tomcat - Request Smuggling Mark Thomas
• 2023/10/10 [SECURITY] CVE-2023-44487 Apache Tomcat - HTTP/2 DoS Mark Thomas
• 2023/10/10 [SECURITY] CVE-2023-42795 Apache Tomcat - information disclosure Mark Thomas
• 2023/10/10 [SECURITY] CVE-2023-42794 Apache Tomcat - denial of service Mark Thomas
• 2023/10/10 [ANN] Apache Tomcat 9.0.81 available Rémy Maucherat
• 2023/10/10 [ANN] Apache Tomcat 10.1.14 available Christopher Schultz
• 2023/10/10 [ANN] Apache Tomcat 11.0.0-M12 (alpha) available Mark Thomas
• 2023/10/10 [ANN] Apache Tomcat 8.5.94 available Christopher Schultz
• 2023/10/03 [ANN] Apache Tomcat Native 1.2.39 released Mark Thomas
• 2023/10/02 [ANN] Apache Tomcat Native 2.0.6 released Mark Thomas
• 2023/09/28 [SECURITY] [CORRECTION] CVE-2023-41081 Apache Tomcat Connectors (mod_jk) Authentication Bypass Christopher Schultz
• 2023/09/13 [SECURITY] CVE-2023-41081 Apache Tomcat Connectors (mod_jk) Information Disclosure Mark Thomas
• 2023/09/12 [ANN] Apache Tomcat Connectors 1.2.49 released Mark Thomas
• 2023/08/25 [ANN] Apache Tomcat 8.5.93 available Mark Thomas
• 2023/08/25 [SECURITY] CVE-2023-41080 Apache Tomcat - open redirect Mark Thomas
• 2023/08/25 [ANN] Apache Tomcat 9.0.80 available Mark Thomas
• 2023/08/25 [ANN] Apache Tomcat 10.1.13 available Mark Thomas
• 2023/08/25 [ANN] Apache Tomcat 11.0.0-M11 (alpha) available Mark Thomas
• 2023/08/14 [ANN] Apache Tomcat 9.0.79 available Rémy Maucherat
• 2023/08/14 [ANN] Apache Tomcat 8.5.92 available Mark Thomas
• 2023/08/14 [ANN] Apache Tomcat 10.1.12 available Mark Thomas
• 2023/08/14 [ANN] Apache Tomcat 11.0.0-M10 (alpha) available Mark Thomas
• 2023/07/11 [ANN] Apache Tomcat 11.0.0-M9 (alpha) available Mark Thomas
• 2023/07/10 [ANN] Apache Tomcat 8.5.91 available Christopher Schultz
• 2023/07/10 [ANN] Apache Tomcat 10.1.11 available Christopher Schultz
• 2023/07/10 [ANN] Apache Tomcat 9.0.78 available Rémy Maucherat
• 2023/06/21 [SECURITY] CVE-2023-34981 Apache Tomcat - Information disclosure Mark Thomas
• 2023/06/12 [ANN] Apache Tomcat 10.1.10 available Christopher Schultz
• 2023/06/12 [ANN] Apache Tomcat 8.5.90 available Christopher Schultz
• 2023/06/09 [ANN] Apache Tomcat 9.0.76 available Rémy Maucherat
• 2023/06/08 [ANN] Apache Tomcat 11.0.0-M7 (alpha) available Mark Thomas
• 2023/06/02 [ANN] Apache Tomcat Native 1.2.37 released Mark Thomas
• 2023/06/02 [ANN] Apache Tomcat Native 2.0.4 released Mark Thomas
• 2023/05/22 [SECURITY] CVE-2023-28709 Apache Tomcat - Fix for CVE-2023-24998 was incomplete Mark Thomas
• 2023/05/19 [ANN] Apache Tomcat 8.5.89 available Christopher Schultz
• 2023/05/10 [ANN] Apache Tomcat 9.0.75 available Rémy Maucherat
• 2023/05/09 [ANN] Apache Tomcat 11.0.0-M6 (alpha) available Mark Thomas
• 2023/04/19 [ANN] Apache Tomcat 10.1.8 available Christopher Schultz
• 2023/04/19 [ANN] Apache Tomcat 8.5.88 available Christopher Schultz
• 2023/04/19 [ANN] Apache Tomcat 11.0.0-M5 (alpha) available Mark Thomas
• 2023/04/18 [ANN] Apache Tomcat 9.0.74 available Rémy Maucherat
• 2023/03/22 [SECURITY] CVE-2023-28708 Apache Tomcat - Information Disclosure Mark Thomas
• 2023/03/06 [ANN] Apache Tomcat 11.0.0-M4 (alpha) available Mark Thomas
• 2023/03/04 [ANN] Apache Tomcat 10.1.7 available Christopher Schultz
• 2023/03/04 [ANN] Apache Tomcat 8.5.87 available Christopher Schultz
• 2023/03/03 [ANN] Apache Tomcat 9.0.73 available Rémy Maucherat
• 2023/02/24 [ANN] Apache Tomcat 10.1.6 available Christopher Schultz
• 2023/02/24 [ANN] Apache Tomcat 8.5.86 available Christopher Schultz
• 2023/02/23 [ANN] Apache Tomcat 11.0.0-M3 (alpha) available Mark Thomas
• 2023/02/23 [ANN] Apache Tomcat 9.0.72 available Rémy Maucherat
• 2023/02/20 [SECURITY] CVE-2023-24998 Apache Tomcat - FileUpload DoS with excessive parts Mark Thomas
• 2023/02/20 [SECURITY] CVE-2023-24998 Apache Tomcat - FileUpload DoS with excessive parts Mark Thomas
• 2023/02/13 [ANN] Apache Tomcat Native 2.0.3 released Mark Thomas
• 2023/02/13 [ANN] Apache Tomcat Native 1.2.36 released Mark Thomas
• 2023/01/23 [ANN] Apache Tomcat 10.1.5 available Mark Thomas
• 2023/01/21 [ANN] Apache Tomcat 8.5.85 available [CORRECTION] Christopher Schultz
• 2023/01/19 [ANN] Apache Tomcat 8.5.84 available Christopher Schultz
• 2023/01/13 [ANN] Apache Tomcat 9.0.71 available Rémy Maucherat
• 2023/01/03 [SECURITY] CVE-2022-45143 Apache Tomcat - JsonErrorReportValve injection Mark Thomas
• 2022/12/13 [ANN] End of life for Apache Tomcat 8.5.x Mark Thomas
• 2022/12/09 [ANN] Apache Tomcat 10.1.4 available Mark Thomas
• 2022/12/05 [ANN] Apache Tomcat 11.0.0-M1 (alpha) available Mark Thomas
• 2022/12/05 [ANN] Apache Tomcat 9.0.70 available Rémy Maucherat
• 2022/12/05 [ANN] Apache Tomcat Migration tool for Jakarta EE 1.0.6 Mark Thomas
• 2022/11/22 [ANN] Apache Tomcat 8.5.84 available Christopher Schultz
• 2022/11/14 [ANN] Apache Tomcat 9.0.69 available Rémy Maucherat
• 2022/11/14 [ANN] Apache Tomcat 10.1.2 available Mark Thomas
• 2022/11/08 [ANN] Apache Tomcat Migration tool for Jakarta EE 1.0.5 Mark Thomas
• 2022/11/08 [ANN] Apache Tomcat Native 2.0.2 released Mark Thomas
• 2022/10/31 [SECURITY] CVE-2022-42252 Apache Tomcat - Request Smuggling Mark Thomas
• 2022/10/11 [ANN] Apache Tomcat 10.1.1 available Mark Thomas
• 2022/10/11 [ANN] Apache Tomcat 8.5.83 available Mark Thomas
• 2022/10/10 [ANN] Apache Tomcat 10.0.27 available Mark Thomas
• 2022/10/07 [ANN] Apache Tomcat 9.0.68 available Mark Thomas
• 2022/09/28 [SECURITY] CVE-2021-43980 Apache Tomcat - Information Disclosure Mark Thomas
• 2022/09/27 [ANN] Apache Tomcat 10.0.26 available Mark Thomas
• 2022/09/26 [ANN] Apache Tomcat 9.0.67 available Rémy Maucherat
• 2022/09/26 [ANN] Apache Tomcat 10.1.0 (stable) available Mark Thomas
• 2022/09/20 [ANN] Apache Tomcat Migration tool for Jakarta EE 1.0.4 Mark Thomas
• 2022/09/12 [ANN] Apache Tomcat Migration tool for Jakarta EE 1.0.3 Mark Thomas
• 2022/08/13 [ANN] Apache Tomcat 8.5.82 available Christopher Schultz
• 2022/07/26 [ANN] Apache Tomcat 10.0.23 available Mark Thomas
• 2022/07/20 [ANN] Apache Tomcat 9.0.65 available Rémy Maucherat
• 2022/07/20 [ANN] Apache Tomcat 10.1.0-M17 (beta) available Mark Thomas
• 2022/07/13 [ANN] Apache Tomcat Native 2.0.1 released Mark Thomas
• 2022/07/11 [ANN] Apache Tomcat Migration tool for Jakarta EE 1.0.1 Mark Thomas
• 2022/06/23 [SECURITY] CVE-2022-34305 Apache Tomcat - XSS in examples web application Mark Thomas
• 2022/06/14 [ANN] Apache Tomcat Native 1.2.34 released Mark Thomas
• 2022/06/12 [ANN] Apache Tomcat 8.5.81 available Christopher Schultz
• 2022/06/11 [ANN] Apache Tomcat 10.0.22 available Mark Thomas
• 2022/06/09 [ANN] Apache Tomcat 10.1.0-M16 (beta) available Mark Thomas
• 2022/06/09 [ANN] Apache Tomcat 9.0.64 available Rémy Maucherat
• 2022/05/24 [ANN] Apache Tomcat 8.5.79 available Christopher Schultz
• 2022/05/16 [ANN] Apache Tomcat 9.0.63 available Rémy Maucherat
• 2022/05/16 [ANN] Apache Tomcat 10.0.21 available Mark Thomas
• 2022/05/16 [ANN] Apache Tomcat 10.1.0-M15 (alpha) available Mark Thomas
• 2022/05/12 [SECURITY] CVE-2022-25762 Apache Tomcat - Request Mix-up Mark Thomas
• 2022/05/10 [SECURITY] CVE-2022-29885 Apache Tomcat EncryptInterceptor DoS Mark Thomas
• 2022/05/09 [ANN] Apache Tomcat Native 1.2.33 released Mark Thomas
• 2022/04/01 [ANN] Apache Tomcat 8.5.78 available Mark Thomas
• 2022/04/01 [ANN] Apache Tomcat 9.0.62 available Rémy Maucherat
• 2022/04/01 [ANN] Apache Tomcat 10.0.20 available Mark Thomas
• 2022/04/01 [ANN] Apache Tomcat 10.1.0-M14 (alpha) available Mark Thomas
• 2022/03/22 [ANN] Apache Tomcat Native 1.2.32 released Mark Thomas
• 2022/03/17 [ANN] Apache Tomcat 8.5.77 available Christopher Schultz
• 2022/03/14 [ANN] Apache Tomcat 9.0.60 available Rémy Maucherat
• 2022/03/14 [ANN] Apache Tomcat 10.0.18 available Mark Thomas
• 2022/03/14 [ANN] Apache Tomcat 10.1.0-M12 (alpha) available Mark Thomas
• 2022/02/28 [ANN] Apache Tomcat 8.5.75 available Christopher Schultz
• 2022/02/28 [ANN] Apache Tomcat 9.0.59 available Rémy Maucherat
• 2022/02/28 [ANN] Apache Tomcat 10.1.0-M11 (alpha) available Mark Thomas
• 2022/02/28 [ANN] Apache Tomcat 10.0.17 available Mark Thomas
• 2022/01/26 [SECURITY] CVE-2022-23181 Apache Tomcat Local Privilege Escalation Mark Thomas
• 2022/01/20 [ANN] Apache Tomcat 10.0.16 available Mark Thomas
• 2022/01/20 [ANN] Apache Tomcat 10.1.0-M10 (alpha) available Mark Thomas
• 2022/01/20 [ANN] Apache Tomcat 9.0.58 available Rémy Maucherat
• 2022/01/20 [ANN] Apache Tomcat 8.5.75 available Christopher Schultz
• 2021/12/14 [SECURITY] Apache Tomcat and CVE-2021-44228 (Log4j vulnerability) Mark Thomas
• 2021/12/08 [ANN] Apache Tomcat 9.0.56 available Rémy Maucherat
• 2021/12/08 [ANN] Apache Tomcat 10.0.14 available Mark Thomas

• Earlier messages