Hello community,

here is the log from the commit of package tomcat10 for openSUSE:Factory 
checked in at 2025-08-14 13:19:05
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/tomcat10 (Old)
 and      /work/SRC/openSUSE:Factory/.tomcat10.new.1085 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "tomcat10"

Thu Aug 14 13:19:05 2025 rev:23 rq:1299338 version:10.1.43

Changes:
--------
--- /work/SRC/openSUSE:Factory/tomcat10/tomcat10.changes        2025-06-24 
20:52:40.300983871 +0200
+++ /work/SRC/openSUSE:Factory/.tomcat10.new.1085/tomcat10.changes      
2025-08-14 13:19:09.929530664 +0200
@@ -1,0 +2,59 @@
+Wed Aug  6 12:45:13 UTC 2025 - Michele Bussolotto <michele.bussolo...@suse.com>
+
+- Update to Tomcat 10.1.43
+  * Fixed CVEs:
+    + CVE-2025-52520: Align size tracking for multipart requests with
+      FileUpload's use of long. (bsc#1246388)
+    + CVE-2025-53506: Apply the initial HTTP/2 connection limits earlier.
+      (bsc#1246318)
+  * Catalina
+    + Fix: Ensure application configured welcome files override the defaults
+      when configuring an embedded web application programmatically. (markt)
+    + Fix: Allow the default servlet to set the content length when the content
+      length is known, no content has been written and a Writer is being used.
+      (markt)
+    + Fix: 69717: Correct a regression in the fix for CVE-2025-49125 that
+      prevented access to PreResources and PostResources when mounted below the
+      web application root with a path that was terminated with a file
+      separator. (remm/markt)
+    + Fix: 69731: Fix an issue that meant that the value of maxParameterCount
+      applied was smaller than intended for multipart uploads with non-file
+      parts when the parts were processed before query string parameters.
+      (markt)
+    + Fix: Align size tracking for multipart requests with FileUpload's use of
+      long. (schultz)
+  * Coyote
+    + Fix: 69710: Increase the default for maxPartCount from 10 to 50. Update
+      the documentation to provide more details on the memory requirements to
+      support multi-part uploads while avoiding a denial of service risk.
+      (markt)
+    + Fix: 69713: Correctly handle an HTTP/2 data frame that includes padding
+      when the headers include a content-length. (remm/markt)
+    + Fix: Correctly collect statistics for HTTP/2 requests and avoid counting
+      one request multiple times. Based on pull request #868 by qingdaoheze.
+      (markt)
+    + Fix: Fix JMX value for keepAliveCount on the endpoint. Also add the value
+      of useVirtualThreads in JMX. (remm)
+    + Fix: 69728: Remove incorrect warning when HTTP/2 is used with optional
+      certificate verification and improve the warnings when a web application
+      tries to use CLIENT-CERT with either HTTP/2 or a JSSE implementation of
+      TLS 1.3. (markt)
+    + Fix: When setting the initial HTTP/2 connection limit, apply those limits
+      earlier. (markt)
+  * Jasper
+    + Code: Remove IMPL_OBJ_START from EL grammar for IDENTIFIER. (markt)
+    + Code: Remove the INSTANCEOF and FUNCTIONSUFFIX definitions from the EL
+      grammar as both are unused. (markt)
+  * Web applications
+    + Add: Documentation. Provide more explicit guidance regarding the security
+      considerations for enabling write access to the web application via
+      WebDAV, HTTP PUT requests or similar. (markt)
+    + Add: Documentation. Add a section on reverse proxies to the security
+      considerations page. (markt)
+  * Other
+    + Update: Update UnboundID to 7.0.3. (markt)
+    + Update: Update Checkstyle to 10.25.1. (markt)
+    + Update: Improvements to French translations. (remm)
+    + Update: Improvements to Japanese translations provided by tak7iji. 
(markt)
+
+-------------------------------------------------------------------
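
Review bot: In the Coyote block, the 69710 entry raises the default maxPartCount from 10 to 50, which changes behaviour for every connector that does not set the attribute explicitly. Since the entry itself ties the value to memory requirements and denial-of-service risk, it would help to call this out as a default change at the top of the entry, so that admins who relied on the old default review maxPartCount together with maxParameterCount after updating. Separately, both CVE fixes appear twice (under "Fixed CVEs" with bsc# numbers and again as plain "Fix:" lines under Catalina and Coyote); tagging the second occurrences with the CVE id, or dropping them, would make the entry easier to audit.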

Old:
----
  apache-tomcat-10.1.42-src.tar.gz
  apache-tomcat-10.1.42-src.tar.gz.asc

New:
----
  apache-tomcat-10.1.43-src.tar.gz
  apache-tomcat-10.1.43-src.tar.gz.asc

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ tomcat10.spec ++++++
--- /var/tmp/diff_new_pack.p1drZu/_old  2025-08-14 13:19:11.813609169 +0200
+++ /var/tmp/diff_new_pack.p1drZu/_new  2025-08-14 13:19:11.813609169 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package tomcat10
 #
-# Copyright (c) 2025 SUSE LLC
+# Copyright (c) 2025 SUSE LLC and contributors
 # Copyright (c) 2000-2009, JPackage Project
 #
 # All modifications and additions to the file contributed by third parties
@@ -29,7 +29,7 @@
 %define elspec %{elspec_major}.%{elspec_minor}
 %define major_version 10
 %define minor_version 1
-%define micro_version 42
+%define micro_version 43
 %define java_major 1
 %define java_minor 11
 %define java_version %{java_major}.%{java_minor}
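
Review bot: The "%define micro_version 43" line is the only functional change in the spec, and the new source archive is reported below only as "differ: char 99, line 2", so nothing in this diff lets a reader confirm what was imported. Please confirm that apache-tomcat-10.1.43-src.tar.gz verifies against the accompanying apache-tomcat-10.1.43-src.tar.gz.asc with the upstream release key before the request is accepted.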

++++++ apache-tomcat-10.1.42-src.tar.gz -> apache-tomcat-10.1.43-src.tar.gz ++++++
/work/SRC/openSUSE:Factory/tomcat10/apache-tomcat-10.1.42-src.tar.gz /work/SRC/openSUSE:Factory/.tomcat10.new.1085/apache-tomcat-10.1.43-src.tar.gz differ: char 99, line 2
