The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.5.65.
Apache Tomcat 8 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and Java Authentication Service Provider Interface for
Containers
The Apache Tomcat team announces the immediate availability of Apache
Tomcat Native 1.2.28 stable.
The key features of this release are:
- Windows binaries built using 1.1.1k
- Correct a regression in the fix for 65181 that prevented an error
message from being displayed if an invalid key file
The Apache Tomcat team announces the immediate availability of Apache
Tomcat Migration Tool for Jakarta EE 1.0.0
Apache Tomcat Migration Tool for Jakarta EE is an open source software
tool for migrating binary web applications (WAR files) and other binary
artefacts from Java EE 8 to Jakarta EE 9.
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.0.6.
This release is targeted at Jakarta EE 9.
Applications that run on Tomcat 9 and earlier will not run on Tomcat 10
without changes. Java EE applications designed for Tomcat 9 and earlier
may be placed in the $C
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 9.0.46.
Apache Tomcat 9 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and JASPIC technologies.
Apache Tomcat 9.0.46 is a bugfix and fea
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.5.66.
Apache Tomcat 8 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and Java Authentication Service Provider Interface for
Containers
The Apache Tomcat team announces the immediate availability of Apache
Tomcat Native 1.2.30 stable.
The key features of this release are:
- Windows binaries built using OpenSSL 1.1.1k
- Fix an issue where some Windows systems in some configurations would
only listen on IPv6 addresses on dual st
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.1.0-M1.
Apache Tomcat 10 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
specifica
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.1.0-M2.
Apache Tomcat 10 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
specifica
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.0.8.
This release is targeted at Jakarta EE 9.
Applications that run on Tomcat 9 and earlier will not run on Tomcat 10
without changes. Java EE applications designed for Tomcat 9 and earlier
may be placed in the $C
CVE-2021-30639 Denial of Service
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 10.0.3 to 10.0.4
Apache Tomcat 9.0.44
Apache Tomcat 8.5.64
Description:
An error introduced as part of a change to improve error handling during
non-blocking I/O meant
CVE-2021-30640 JNDI Realm Authentication Weakness
Severity: Low
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 10.0.0-M1 to 10.0.5
Apache Tomcat 9.0.0.M1 to 9.0.45
Apache Tomcat 8.5.0 to 8.5.65
Apache Tomcat 7.0.0 to 7.0.108
Description:
Queries made by the JNDI Realm
CVE-2021-33037 HTTP request smuggling
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 10.0.0-M1 to 10.0.6
Apache Tomcat 9.0.0.M1 to 9.0.46
Apache Tomcat 8.5.0 to 8.5.66
Description:
Apache Tomcat did not correctly parse the HTTP transfer-encoding req
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.0.10.
This release is targeted at Jakarta EE 9.
Applications that run on Tomcat 9 and earlier will not run on Tomcat 10
without changes. Java EE applications designed for Tomcat 9 and earlier
may be placed in the $
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.1.0-M4 (alpha).
Apache Tomcat 10 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
s
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.5.70.
Apache Tomcat 8 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and Java Authentication Service Provider Interface for
Containers
The Apache Tomcat team announces the immediate availability of Apache
Tomcat Native 1.2.31 stable.
The key features of this release are:
- Windows binaries built using OpenSSL 1.1.1l
- Fix an issue when building with OpenSSL 3.0.0
Please refer to the change log for the complete list of changes:
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.1.0-M5 (alpha).
Apache Tomcat 10 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
s
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.0.11.
This release is targeted at Jakarta EE 9.
Applications that run on Tomcat 9 and earlier will not run on Tomcat 10
without changes. Java EE applications designed for Tomcat 9 and earlier
may be placed in the $
CVE-2021-41079 Denial of Service
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 10.0.0-M1 to 10.0.2
Apache Tomcat 9.0.0-M1 to 9.0.43
Apache Tomcat 8.5.0 to 8.5.63
Description:
When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a
The Apache Tomcat team is proud to announce the immediate availability
of Tomcat 4.1.34 stable. This build contains numerous bug fixes,
documentation updates, and other improvements.
Apache Tomcat is an implementation of the Java Server Pages 1.2 and Java
Servlet 2.3 specifications.
Please refer
The Apache Tomcat team is proud to announce the immediate availability
of Tomcat 4.1.36 stable. This build contains numerous library updates,
a small number of bug fixes and two important security fixes.
Apache Tomcat is an implementation of the Java Server Pages 1.2 and
Java Servlet 2.3 specifica
The Apache Tomcat team is proud to announce the immediate availability
of Tomcat 4.1.37 stable. This build contains numerous library updates,
a small number of bug fixes and two important, one moderate and six low
severity security fixes.
Apache Tomcat is an implementation of the Java Server Page
The Apache Tomcat team is proud to announce the immediate availability of
Tomcat 4.1.39 stable. This build contains a small number of bug fixes and
two important, one moderate and one low severity security fixes.
Apache Tomcat is an implementation of the Java Server Pages 1.2 and Java
Servlet 2.3
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Vulnerability announcement:
CVE-2008-5519: Apache Tomcat mod_jk information disclosure vulnerability
Severity: important
Vendor: The Apache Software Foundation
Versions Affected:
mod_jk 1.2.0 to 1.2.26
Description:
Situations where faulty clients s
The Apache Tomcat team is proud to announce the immediate availability
of Tomcat 4.1.40 stable. This build contains a small number of bug fixes
and two important and three low severity security fixes.
Please refer to the release notes for a complete list of changes.
Apache Tomcat 4 is an implemen
The Apache Tomcat team announces the immediate availability
of Apache Tomcat 5.5.28 stable.
Apache Tomcat 5.5.28 incorporates numerous security updates and bug fixes.
Please refer to the change log for the list of changes:
http://tomcat.apache.org/tomcat-5.5-doc/changelog.html
Downloads:
http://t
ensuring that an undeploy removes all files. If one or more
files cannot be deleted, it may be necessary to stop Tomcat before the
files can be deleted.
Credit:
This issue was discovered by the Apache Tomcat security team
References:
[1] http://tomcat.apache.org/security.html
Mark Thomas
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2009-2902: Apache Tomcat unexpected file deletion in work directory
Severity: Low
Vendor:
The Apache Software Foundation
Versions Affected:
Tomcat 5.5.0 to 5.5.28
Tomcat 6.0.0 to 6.0.20
The unsupported Tomcat 3.x, 4.x and 5.0.x versions may be a
team by Marc
Schoenefeld of the Red Hat Security Response Team
References:
[1] http://tomcat.apache.org/security.html
Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.0 beta.
Note that this version has 4 zip binaries: a generic one and three
bundled with Tomcat native binaries for Windows operating systems
running on different CPU architectures.
Apache Tomcat 7.0 includes new f
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.0 beta.
Apache Tomcat 7.0 includes new features over Apache Tomcat 6.0,
including support for the new Servlet 3.0, JSP 2.2 and EL 2.2
specifications, web application memory leak detection and prevention,
improved s
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.2 beta.
Apache Tomcat 7.0 includes new features over Apache Tomcat 6.0,
including support for the new Servlet 3.0, JSP 2.2 and EL 2.2
specifications, web application memory leak detection and prevention,
improved secu
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.4 beta.
Apache Tomcat 7.0 includes new features over Apache Tomcat 6.0,
including support for the new Servlet 3.0, JSP 2.2 and EL 2.2
specifications, web application memory leak detection and prevention,
improved secu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2010-4172: Apache Tomcat Manager application XSS vulnerability
Severity: Tomcat 7.0.x - Low, Tomcat 6.0.x - Moderate
Vendor: The Apache Software Foundation
Versions Affected:
- - Tomcat 7.0.0 to 7.0.4
- Not affected in default configuration.
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.5 beta.
Apache Tomcat 7.0.5 beta contains performance improvements in session
management, a number of new features including support for parallel
deployment of multiple versions of the same web application and a
redes
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.6.
This is the first stable release of the Tomcat 7 branch.
Apache Tomcat 7.0.6 contains further performance improvements in session
management, a new binary distribution targeted at users embedding Tomcat
in other a
CVE-2010-3718 Apache Tomcat Local bypass of security manager file permissions
Severity: Low
Vendor: The Apache Software Foundation
Versions Affected:
- Tomcat 7.0.0 to 7.0.3
- Tomcat 6.0.0 to 6.0.?
- Tomcat 5.5.0 to 5.5.?
- Earlier, unsupported versions may also be affected
Description:
When run
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.8
Apache Tomcat 7.0.8 is primarily a security and bug fix release with
numerous fixes compared to 7.0.6.
Please refer to the change log for the list of changes:
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The original report is [1].
Tomcat is affected when accessing a form based security constrained
page or any page that calls javax.servlet.ServletRequest.getLocale() or
javax.servlet.ServletRequest.getLocales().
Work-arounds have been implemented in
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2011-0534 Apache Tomcat DoS vulnerability
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
- - Tomcat 7.0.0 to 7.0.6
- - Tomcat 6.0.0 to 6.0.30
Description:
Tomcat did not enforce the maxHttpHeaderSize limit while p
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2011-0013 Apache Tomcat Manager XSS vulnerability
Severity: Low
Vendor: The Apache Software Foundation
Versions Affected:
- - Tomcat 7.0.0 to 7.0.5
- - Tomcat 6.0.0 to 6.0.29
- - Tomcat 5.5.0 to 5.5.31
- - Earlier, unsupported versions may also
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2010-3718 Apache Tomcat Local bypass of security manager file permissions
Severity: Low
Vendor: The Apache Software Foundation
Versions Affected:
- - Tomcat 7.0.0 to 7.0.3
- - Tomcat 6.0.0 to 6.0.?
- - Tomcat 5.5.0 to 5.5.?
- - Earlier, unsupport
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
As reported on the users list [1], both Tomcat 7.0.8 and the latest
Tomcat 7 code from svn appear to ignore @ServletSecurity annotations.
Assuming this issue is confirmed, it may lead to authentication bypass
and information disclosure.
The exact deta
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.10
Apache Tomcat 7.0.10 is primarily a security and bug fix release with
numerous fixes compared to 7.0.8.
Please refer to the change log for the list of changes:
http://tomcat.apache.org/tomcat-7.0-doc/changelog.htm
The fix in Tomcat 7.0.10 was incomplete. @SecurityAnnotations are still
ignored when there are no security constraints defined in web.xml (a
typical use case).
There will be a Tomcat 7.0.11 release shortly to address this. In the
meantime, the workaround of specifying at least one security constra
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.11
Apache Tomcat 7.0.11 is primarily a security fix release with a small
number of additional bug fixes compared to 7.0.10.
Please refer to the change log for the list of changes:
http://tomcat.apache.org/tomcat-7.0-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2011-1088 Apache Tomcat security constraint bypass
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
- - Tomcat 7.0.0 to 7.0.10
- - Earlier versions are not affected
Description:
When a web application was started, @
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.12.
Apache Tomcat 7.0.12 includes bug fixes and the following new features
compared to version 7.0.11:
* initial support for SPNEGO/Kerberos authentication (also referred to
as Windows authentication);
* provide a ne
CVE-2011-1183 Apache Tomcat security constraint bypass
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
- Tomcat 7.0.11
- Earlier versions are not affected
Description:
A regression in the fix for CVE-2011-1088 meant that security
constraints were ignored when no lo
CVE-2011-1475 Apache Tomcat information disclosure
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
- Tomcat 7.0.0 to 7.0.11
- Earlier versions are not affected
Description:
Changes introduced to the HTTP BIO connector to support Servlet 3.0
asynchronous requests di
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2011-1582 Apache Tomcat security constraint bypass
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
- - Tomcat 7.0.12-7.0.13
- - Earlier versions are not affected
Description:
An error in the fixes for CVE-2011-1088
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.16.
Apache Tomcat 7.0.16 includes bug fixes and the following new features
compared to version 7.0.14:
- NIO implementation of the AJP connector
- Enable Servlet 3 asynchronous processing support when using clustering
CVE-2011-2204 Apache Tomcat information disclosure
Severity: Low
Vendor: The Apache Software Foundation
Versions Affected:
- Tomcat 7.0.0 to 7.0.16
- Tomcat 6.0.0 to 6.0.32
- Tomcat 5.5.0 to 5.5.33
Earlier, unsupported versions may also be affected
Description:
When using the MemoryUserDatabase
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2011-2526: Apache Tomcat Information disclosure and availability
vulnerabilities
Severity: low
Vendor:
The Apache Software Foundation
Versions Affected:
Tomcat 7.0.0 to 7.0.18
Tomcat 6.0.0 to 6.0.32
Tomcat 5.5.0 to 5.0.33
Previous
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.19
Apache Tomcat 7.0.19 includes security fixes, bug fixes and the
following new features compared to version 7.0.16:
- JSP recompilation is now triggered by any change (backwards as well
as forwards) in the last mo
The Apache Tomcat team announces that support for Apache Tomcat 5.5.x
will end on 30 September 2012.
This means that after 30 September 2012:
- releases from the 5.5.x branch are highly unlikely
- bugs affecting only the 5.5.x branch will not be addressed
- security vulnerability reports will not
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.20
Apache Tomcat 7.0.20 includes bug fixes and the following new features
and fixes compared to version 7.0.19:
- JSP files with dependencies in JARs are no longer recompiled on every
access thereby improving performa
CVE-2011-2729: Commons Daemon fails to drop capabilities (Apache Tomcat)
Severity: Important
Vendor:
The Apache Software Foundation
Versions Affected:
Tomcat 7.0.0 to 7.0.19
Tomcat 6.0.30 to 6.0.32
Tomcat 5.5.32 to 5.5.33
Description:
Due to a bug in the capabilities code, jsvc (the service wra
CVE-2011-2481: Apache Tomcat information disclosure vulnerability
Severity: low
Vendor:
The Apache Software Foundation
Versions Affected:
Tomcat 7.0.0 to 7.0.16
Previous versions are not affected.
Description:
The re-factoring of XML validation for Tomcat 7.0.x re-introduced the
vulnerability p
CVE-2011-3190 Apache Tomcat Authentication bypass and information disclosure
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
- Tomcat 7.0.0 to 7.0.20
- Tomcat 6.0.0 to 6.0.33
- Tomcat 5.5.0 to 5.5.33
- Earlier, unsupported versions may also be affected
Description:
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.21
Apache Tomcat 7.0.21 includes security fixes, bug fixes and new features
compared to version 7.0.20 including:
- A fix for CVE-2011-3190 that allowed an attacker to inject requests
when Tomcat was configured behind
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2011-1184 Apache Tomcat - Multiple weaknesses in HTTP DIGEST
authentication
Severity: Moderate
Vendor: The Apache Software Foundation
Versions Affected:
- - Tomcat 7.0.0 to 7.0.11
- - Tomcat 6.0.0 to 6.0.32
- - Tomcat 5.5.0 to 5.5.33
- - Earlier
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.22
Apache Tomcat 7.0.22 includes bug fixes and new features compared to
version 7.0.21 including:
- Further improvements to the memory leak detection and prevention features.
- Fix issue that prevented using SSL with
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2011-3376 Apache Tomcat - Privilege Escalation via Manager app
Severity: Low
Vendor: The Apache Software Foundation
Versions Affected:
- - Tomcat 7.0.0 to 7.0.21
Description:
This issue only affects environments running web applications that ar
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.23
This release includes numerous bug fixes and several new features
compared to version 7.0.22. The notable new features include:
* The ability to start and stop child containers (primarily Contexts:
i.e. web appli
You may have read about a recently announced vulnerability rooted in the
Java hashtable implementation [1]. Since Apache Tomcat uses a hashtable
for storing HTTP request parameters, it is affected by this issue.
As per [1], it appears that Oracle will not be providing a fix for this
vulnerability
CVE-2011-3375 Apache Tomcat Information disclosure
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
- Tomcat 7.0.0 to 7.0.21
- Tomcat 6.0.30 to 6.0.33
- Earlier versions are not affected
Description:
For performance reasons, information parsed from a request is ofte
CVE-2012-0022 Apache Tomcat Denial of Service
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
- Tomcat 7.0.0 to 7.0.22
- Tomcat 6.0.0 to 6.0.33
- Tomcat 5.5.0 to 5.5.34
- Earlier, unsupported versions may also be affected
Description:
Analysis of the recent hash co
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.25
This release includes numerous bug fixes and several new features
compared to version 7.0.23. The notable new features include:
* Align the Servlet 3.0 implementation with the changes defined in the
first mainten
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.26
This release is primarily a bug fix release and includes numerous
bug fixes compared to version 7.0.25. The notable bug fixes include:
* Improved @HandlesTypes processing which no longer loads
all classes on web
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.27
This release includes significant new features as well as a number of
bug fixes compared to version 7.0.26. The notable changes include:
* Support for the WebSocket protocol (RFC6455). Both streaming and
messa
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.28.
Apache Tomcat is an open source software implementation of the Java
Servlet and JavaServer Pages technologies.
This release includes many improvements as well as a number of bug
fixes compared to version 7.0.27
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.29.
Apache Tomcat is an open source software implementation of the Java
Servlet and JavaServer Pages technologies.
This release corrects a small number of regressions introduced in the
7.0.28 release and takes accoun
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.30.
Apache Tomcat is an open source software implementation of the Java
Servlet and JavaServer Pages technologies.
This release contains numerous bug fixes and improvements compared to
version 7.0.29. The notable cha
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.32.
Apache Tomcat is an open source software implementation of the Java
Servlet and JavaServer Pages technologies.
This release contains a small number of bug fixes and improvements
compared to version 7.0.30. The no
The Apache Tomcat Team announces the immediate availability of Apache
Tomcat 5.5.36.
Apache Tomcat 5.5.36 is primarily a bug-fix release.
As per the previous end of life announcement [1] this will almost
certainly be the final Apache Tomcat 5.5.x release. Users of the 5.5.x
series are strongly en
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2012-3439 Apache Tomcat DIGEST authentication weaknesses
Severity: Moderate
Vendor: The Apache Software Foundation
Versions Affected:
- - Tomcat 7.0.0 to 7.0.29
- - Tomcat 6.0.0 to 6.0.35
- - Tomcat 5.5.0 to 5.5.35
- - Earlier, unsupported versi
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2012-2733 Apache Tomcat Denial of Service
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
- - Tomcat 7.0.0 to 7.0.27
- - Tomcat 6.0.0 to 6.0.35
Description:
The checks that limited the permitted size of request hea
It has been brought to the attention of the Apache Tomcat PMC that the
Tomcat 6.0.36 release announcement below was sent to the Tomcat users
list and the Tomcat developers list but not the Tomcat and ASF announce
lists.
Please accept our apologies if you missed the Apache Tomcat 6.0.36
release ann
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.33.
Apache Tomcat is an open source software implementation of the Java
Servlet and JavaServer Pages technologies.
This release contains a small number of bug fixes and improvements
compared to version 7.0.32. The no
CVE-2012-4534 Apache Tomcat denial of service
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
- Tomcat 7.0.0 to 7.0.27
- Tomcat 6.0.0 to 6.0.35
Description:
When using the NIO connector with sendfile and HTTPS enabled, if a
client breaks the connection while readin
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2012-3546 Apache Tomcat Bypass of security constraints
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
- - Tomcat 7.0.0 to 7.0.29
- - Tomcat 6.0.0 to 6.0.35
Earlier unsupported versions may also be affected
Descrip
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2012-4431 Apache Tomcat Bypass of CSRF prevention filter
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
- - Tomcat 7.0.0 to 7.0.31
- - Tomcat 6.0.0 to 6.0.35
Description:
The CSRF prevention filter could be bypass
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.34.
Apache Tomcat is an open source software implementation of the Java
Servlet and JavaServer Pages technologies.
This release contains a small number of bug fixes and improvements
compared to version 7.0.33. The not
On 10/08/2011 13:00, Mark Thomas wrote:
> The Apache Tomcat team announces that support for Apache Tomcat 5.5.x
> will end on 30 September 2012.
>
> This means that after 30 September 2012:
> - releases from the 5.5.x branch are highly unlikely
> - bugs affecting only the 5.5.x
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.35.
Apache Tomcat is an open source software implementation of the Java
Servlet and JavaServer Pages technologies.
This release contains a small number of bug fixes and improvements
compared to version 7.0.34. The not
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.37.
Apache Tomcat is an open source software implementation of the Java
Servlet and JavaServer Pages technologies.
This release contains a small number of bug fixes and improvements
compared to version 7.0.35. The not
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.39.
Apache Tomcat is an open source software implementation of the Java
Servlet and JavaServer Pages technologies.
This release contains a number of bug fixes and improvements compared to
version 7.0.37. The notable c
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2013-2071 Request mix-up if AsyncListener method throws
RuntimeException
Severity: Moderate
Vendor: The Apache Software Foundation
Versions Affected:
- - Tomcat 7.0.0 to 7.0.39
Description:
Bug 54178 described a scenario where ele
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.40.
Apache Tomcat is an open source software implementation of the Java
Servlet, JavaServer Pages and Java Expression Language technologies.
This release contains a security fix and a number of bug fixes
and improvem
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2013-2067 Session fixation with FORM authenticator
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
- - Tomcat 7.0.0 to 7.0.32
- - Tomcat 6.0.21 to 6.0.36
Description:
FORM authentication associates the most recent
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2012-3544 Chunked transfer encoding extension size is not limited
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
- - Tomcat 7.0.0 to 7.0.29
- - Tomcat 6.0.0 to 6.0.36
Description:
When processing a request submitt
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.41.
Apache Tomcat is an open source software implementation of the Java
Servlet, JavaServer Pages and Java Expression Language technologies.
This release contains a number of bug fixes and improvements compared to
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.42.
Apache Tomcat is an open source software implementation of the Java
Servlet, JavaServer Pages and Java Expression Language technologies.
This release contains a number of bug fixes and improvements compared to
ve
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.0.0-RC1 (alpha).
Apache Tomcat 8 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language and Java
WebSocket technologies.
Apache Tomcat 8 is aligned with Java E
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.0.0-RC3 (alpha).
Apache Tomcat 8 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language and Java
WebSocket technologies.
Apache Tomcat 8 is aligned with Java E
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.0.0-RC5 (alpha).
Apache Tomcat 8 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language and Java
WebSocket technologies.
Apache Tomcat 8 is aligned with Java E
website:
http://commons.apache.org/proper/commons-pool/
Mark Thomas, on behalf of the Apache Commons community