On 2024/11/18 11:34, Stuart Henderson wrote: > CVSROOT: /cvs > Module name: ports > Changes by: [email protected] 2024/11/18 11:34:55 > > Modified files: > www/tomcat : Tag: OPENBSD_7_6 Makefile.inc > www/tomcat/v10 : Tag: OPENBSD_7_6 Makefile distinfo > www/tomcat/v10/pkg: Tag: OPENBSD_7_6 DESCR-main PLIST-examples > www/tomcat/v9 : Tag: OPENBSD_7_6 Makefile distinfo > www/tomcat/v9/pkg: Tag: OPENBSD_7_6 DESCR-main PLIST-examples > > Log message: > MFC tomcat updates; CVE-2024-52316 > Apache Tomcat: Authentication bypass when using Jakarta Authentication API >
also: CVE-2024-52317: Apache Tomcat: Request/response mix-up with HTTP/2 CVE-2024-52318: Apache Tomcat: Incorrect JSP tag recycling leads to XSS
