[ANN] Apache Tomcat 10.0.13 available

2021-11-15 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.0.13. This release is targeted at Jakarta EE 9. Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the

[ANN] Apache Tomcat 10.1.0-M7 (alpha) available

2021-11-15 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.1.0-M7 (alpha). Apache Tomcat 10 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations

[SECURITY] CVE-2021-42340 Apache Tomcat DoS

2021-10-14 Thread Mark Thomas
CVE-2021-42340 Denial of Service Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 10.1.0-M1 to 10.1.0-M5 Apache Tomcat 10.0.0-M10 to 10.0.11 Apache Tomcat 9.0.40 to 9.0.53 Apache Tomcat 8.5.60 to 8.5.71 Description: The fix for bug 63362 introduced a

[ANN] Apache Tomcat 10.0.12 available

2021-10-04 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.0.12. This release is targeted at Jakarta EE 9. Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the

[ANN] Apache Tomcat 10.1.0-M6 (alpha) available

2021-10-04 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.1.0-M6 (alpha). Apache Tomcat 10 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations

[SECURITY] CVE-2021-41079 Apache Tomcat DoS

2021-09-15 Thread Mark Thomas
CVE-2021-41079 Denial of Service Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 10.0.0-M1 to 10.0.2 Apache Tomcat 9.0.0-M1 to 9.0.43 Apache Tomcat 8.5.0 to 8.5.63 Description: When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a

[ANN] Apache Tomcat 10.0.11 available

2021-09-13 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.0.11. This release is targeted at Jakarta EE 9. Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the

[ANN] Apache Tomcat 10.1.0-M5 (alpha) available

2021-09-13 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.1.0-M5 (alpha). Apache Tomcat 10 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations

[ANN] Apache Tomcat Native 1.2.31 released

2021-09-02 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat Native 1.2.31 stable. The key features of this release are: - Windows binaries built using OpenSSL 1.1.1l - Fix an issue when building with OpenSSl 3.0.0 Please refer to the change log for the complete list of changes:

[ANN] Apache Tomcat 8.5.70 available

2021-08-17 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.70. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and Java Authentication Service Provider Interface for Containers

[ANN] Apache Tomcat 10.1.0-M4 (alpha) available

2021-08-07 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.1.0-M4 (alpha). Apache Tomcat 10 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations

[ANN] Apache Tomcat 10.0.10 available

2021-08-06 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.0.10. This release is targeted at Jakarta EE 9. Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the

[SECURITY] CVE-2021-33037 Apache Tomcat HTTP request smuggling

2021-07-12 Thread Mark Thomas
CVE-2021-33037 HTTP request smuggling Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 10.0.0-M1 to 10.0.6 Apache Tomcat 9.0.0.M1 to 9.0.46 Apache Tomcat 8.5.0 to 8.5.66 Description: Apache Tomcat did not correctly parse the HTTP transfer-encoding

[SECURITY] CVE-2021-30640 Apache Tomcat JNDI realm authentication weakness

2021-07-12 Thread Mark Thomas
CVE-2021-30640 JNDI Realm Authentication Weakness Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 10.0.0-M1 to 10.0.5 Apache Tomcat 9.0.0.M1 to 9.0.45 Apache Tomcat 8.5.0 to 8.5.65 Apache Tomcat 7.0.0 to 7.0.108 Description: Queries made by the JNDI Realm

[SECURITY] CVE-2021-30639 Apache Tomcat DoS

2021-07-12 Thread Mark Thomas
CVE-2021-30639 Denial of Service Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 10.0.3 to 10.0.4 Apache Tomcat 9.0.44 Apache Tomcat 8.5.64 Description: An error introduced as part of a change to improve error handling during non-blocking I/O meant

[ANN] Apache Tomcat 10.0.8 available

2021-07-05 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.0.8. This release is targeted at Jakarta EE 9. Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the

[ANN] Apache Tomcat 10.1.0-M2 (alpha) available

2021-07-05 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.1.0-M2. Apache Tomcat 10 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations

[ANN] Apache Tomcat 10.1.0-M1 (alpha) available

2021-06-17 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.1.0-M1. Apache Tomcat 10 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations

[ANN] Apache Tomcat Native 1.2.30 released

2021-06-07 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat Native 1.2.30 stable. The key features of this release are: - Windows binaries built using OpenSSL 1.1.1k - Fix an issue where some Windows systems in some configurations would only listen on IPv6 addresses on dual

[ANN] Apache Tomcat 8.5.66 available

2021-05-13 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.66. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and Java Authentication Service Provider Interface for Containers

[ANN] Apache Tomcat 9.0.46 available

2021-05-13 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.46. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.46 is a bugfix and

[ANN] Apache Tomcat 10.0.6 available

2021-05-13 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.0.6. This release is targeted at Jakarta EE 9. Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the

[ANN] Apache Tomcat Migration tool for Jakarta EE 1.0.0

2021-05-08 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat Migration Tool for Jakarta EE 1.0.0 Apache Tomcat Migration Tool for Jakarta EE is an open source software tool for migrating binary web applications (WAR files) and other binary artefacts from Java EE 8 to Jakarta EE

[ANN] Apache Tomcat Native 1.2.28 released

2021-04-12 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat Native 1.2.28 stable. The key features of this release are: - Windows binaries built using 1.1.1k - Correct a regression in the fix for 65181 that prevented an error message from being displayed if an invalid key file

[ANN] Apache Tomcat 8.5.65 available

2021-04-07 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.65. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and Java Authentication Service Provider Interface for Containers

[ANN] Apache Tomcat 9.0.45 available

2021-04-07 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.45. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.45 is a bugfix and

[ANN] Apache Tomcat 10.0.5 available

2021-04-07 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.0.5. This release is targeted at Jakarta EE 9. Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the

[ANN] Apache Tomcat 8.5.64 available

2021-03-11 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.64. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and Java Authentication Service Provider Interface for Containers

[ANN] Apache Tomcat 9.0.44 available

2021-03-11 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.44. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.44 is a bugfix and

[ANN] Apache Tomcat 10.0.4 available

2021-03-11 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.0.4. This release is targeted at Jakarta EE 9. Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the

[SECURITY] CVE-2021-25122 Apache Tomcat h2c request mix-up

2021-03-01 Thread Mark Thomas
CVE-2021-25122 h2c request mix-up Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 10.0.0-M1 to 10.0.0 Apache Tomcat 9.0.0.M1 to 9.0.41 Apache Tomcat 8.5.0 to 8.5.61 Description: When responding to new h2c connection requests, Apache Tomcat could

[SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)

2021-03-01 Thread Mark Thomas
CVE-2021-25329 Incomplete fix for CVE-2020-9484 (RCE via session persistence) Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 10.0.0-M1 to 10.0.0 Apache Tomcat 9.0.0.M1 to 9.0.41 Apache Tomcat 8.5.0 to 8.5.61 Apache Tomcat 7.0.0 to 7.0.107 Description:

[ANN] Apache Tomcat Migration tool for Jakarta EE 0.2.0

2021-02-18 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat Migration Tool for Jakarta EE 0.2.0 Apache Tomcat Migration Tool for Jakarta EE is an open source software tool for migrating binary web applications (WAR files) and other binary artefacts from Java EE 8 to Jakarta EE 9.

[ANN] Apache Tomcat 8.5.63 available

2021-02-05 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.63. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and Java Authentication Service Provider Interface for Containers

[ANN] Apache Tomcat 9.0.43 available

2021-02-03 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.43. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.43 is a bugfix and

[ANN] Apache Tomcat 10.0.2 available

2021-02-03 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.0.2. This release is the first stable release in the 10.0.x series and is targeted at Jakarta EE 9. Apache Tomcat 10 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta

[ANNOUNCEMENT] Commons Daemon 1.2.4 Released

2021-01-22 Thread Mark Thomas
The Apache Commons Team is pleased to announce the availability of Apache Commons Daemon 1.2.4. The Apache Commons Daemon software library provides a generic Daemon (unix) or Service (Windows) wrapper for Java code. Version 1.2.4 is a bugfix release. A full list of changes can be found at

Re: [SECURITY][CORRECTION] CVE-2020-17527 Apache Tomcat HTTP/2 Request header mix-up

2021-01-19 Thread Mark Thomas
Please note the updated affected version information below. Mark On 03/12/2020 18:01, Mark Thomas wrote: > CVE-2020-17527 Apache Tomcat HTTP/2 Request header mix-up > > Severity: Moderate > > Vendor: The Apache Software Foundation > > Versions Affected: > Apache Tomca

[SECURITY] CVE-2021-24122 Apache Tomcat Information Disclosure

2021-01-14 Thread Mark Thomas
CVE-2021-24122 Apache Tomcat Information Disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 10.0.0-M1 to 10.0.0-M9 Apache Tomcat 9.0.0.M1 to 9.0.39 Apache Tomcat 8.5.0 to 8.5.59 Apache Tomcat 7.0.0 to 7.0.106 Description: When serving

[ANN] Apache Tomcat Native 1.2.26 released

2021-01-05 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat Native 1.2.26 stable. The key features of this release are: - Windows binaries built using 1.1.1i - Expose support for Unix domain sockets (bug 64942) Please refer to the change log for the complete list of changes:

[ANN] Apache Tomcat 8.5.61 available

2020-12-09 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.61. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and Java Authentication Service Provider Interface for Containers

[ANN] Apache Tomcat 9.0.41 available

2020-12-09 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.41. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.41 is a bugfix and

[ANN] Apache Tomcat 10.0.0 (beta) available

2020-12-09 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.0.0 (beta). Apache Tomcat 10 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations

[SECURITY] CVE-2020-17527 Apache Tomcat HTTP/2 Request header mix-up

2020-12-03 Thread Mark Thomas
CVE-2020-17527 Apache Tomcat HTTP/2 Request header mix-up Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 10.0.0-M1 to 10.0.0-M9 Apache Tomcat 9.0.0.M5 to 9.0.39 Apache Tomcat 8.5.1 to 8.5.59 Description: While investigating Bug 64830 it was

[ANN] Apache Tomcat 8.5.60 available

2020-11-18 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.60. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and Java Authentication Service Provider Interface for Containers

[ANN] Apache Tomcat 10.0.0-M10 available

2020-11-18 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.0.0-M9. Apache Tomcat 10 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations

[SECURITY] CVE-2020-13943 Apache Tomcat HTTP/2 Request mix-up

2020-10-12 Thread Mark Thomas
CVE-2020-13943 Apache Tomcat HTTP/2 Request mix-up Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 10.0.0-M1 to 10.0.0-M7 Apache Tomcat 9.0.0.M5 to 9.0.37 Apache Tomcat 8.5.1 to 8.5.57 Description: If an HTTP/2 client exceeded the agreed maximum

[ANN] Apache Tomcat 10.0.0-M9 available

2020-10-12 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.0.0-M9. Apache Tomcat 10 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations

[ANN] Apache Tomcat 9.0.39 available

2020-10-12 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.39. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.39 is a bugfix and

[ANN] Apache Tomcat 8.5.59 available

2020-10-12 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.59. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and Java Authentication Service Provider Interface for Containers

[ANN] Apache Tomcat 9.0.38 available

2020-09-16 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.38. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.38 is a bugfix and

[ANN] Apache Tomcat 8.5.58 available

2020-09-16 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.58. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and Java Authentication Service Provider Interface for Containers

[ANN] Apache Tomcat 10.0.0-M8 available

2020-09-15 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.0.0-M8. Apache Tomcat 10 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations

[ANNOUNCEMENT] Commons Daemon 1.2.3 Released

2020-09-14 Thread Mark Thomas
The Apache Commons Team is pleased to announce the availability of Apache Commons Daemon 1.2.3. The Apache Commons Daemon software library provides a generic Daemon (unix) or Service (Windows) wrapper for Java code. Version 1.2.3 is a bugfix release. A full list of changes can be found at

[ANN] Apache Tomcat Native 1.2.25 released

2020-09-07 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat Native 1.2.25 stable. The key features of this release are: - Improvements to the build system - Add an option to allow the OCSP check to be bypassed Please refer to the change log for the complete list of changes:

[SECURITY] CVE-2020-13935 Apache Tomcat WebSocket Denial of Service

2020-07-14 Thread Mark Thomas
CVE-2020-13935 Apache Tomcat WebSocket Denial of Service Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 10.0.0-M1 to 10.0.0-M6 Apache Tomcat 9.0.0.M1 to 9.0.36 Apache Tomcat 8.5.0 to 8.5.56 Apache Tomcat 7.0.27 to 7.0.104 Description: The payload

[SECURITY] CVE-2020-13934 Apache Tomcat HTTP/2 Denial of Service

2020-07-14 Thread Mark Thomas
CVE-2020-13934 Apache Tomcat HTTP/2 Denial of Service Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 10.0.0-M1 to 10.0.0-M6 Apache Tomcat 9.0.0.M5 to 9.0.36 Apache Tomcat 8.5.1 to 8.5.56 Description: An h2c direct connection did not release the

[ANN] Apache Tomcat 8.5.57 available

2020-07-06 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.57. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and Java Authentication Service Provider Interface for Containers

[ANN] Apache Tomcat 9.0.37 available

2020-07-06 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.37. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.37 is a bugfix and

[ANN] Apache Tomcat 10.0.0-M7 available

2020-07-06 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.0.0-M7. Apache Tomcat 10 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations

[SECURITY] CVE-2020-11996 Apache Tomcat HTTP/2 Denial of Service

2020-06-25 Thread Mark Thomas
CVE-2020-11996 Apache Tomcat HTTP/2 Denial of Service Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 10.0.0-M1 to 10.0.0-M5 Apache Tomcat 9.0.0.M1 to 9.0.35 Apache Tomcat 8.5.0 to 8.5.55 Description: A specially crafted sequence of HTTP/2 requests

[ANN] Apache Tomcat 8.5.56 available

2020-06-08 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.56. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and Java Authentication Service Provider Interface for Containers

[ANN] Apache Tomcat 9.0.36 available

2020-06-08 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.36. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.36 is a bugfix and

[ANN] Apache Tomcat 10.0.0-M6 available

2020-06-08 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.0.0-M6. Apache Tomcat 10 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations

[SECURITY] CVE-2020-9484 Apache Tomcat Remote Code Execution via session persistence

2020-05-20 Thread Mark Thomas
CVE-2020-9484 Apache Tomcat Remote Code Execution via session persistence Severity: High Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 10.0.0-M1 to 10.0.0-M4 Apache Tomcat 9.0.0.M1 to 9.0.34 Apache Tomcat 8.5.0 to 8.5.54 Apache Tomcat 7.0.0 to 7.0.103 Description: If:

[ANN] Apache Tomcat 10.0.0-M5 available

2020-05-12 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.0.0-M5. Apache Tomcat 10 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations

[ANN] Apache Tomcat 9.0.35 available

2020-05-12 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.35. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.35 is a bugfix and

[ANN] Apache Tomcat 8.5.55 available

2020-05-12 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.55. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and Java Authentication Service Provider Interface for Containers

[ANN] Apache Tomcat Native 1.2.24 released

2020-04-30 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat Native 1.2.24 stable. The key features of this release are: - Improvements to the build system - Update Windows binaries to APR 1.7.0 and OpenSSL 1.1.1g Please refer to the change log for the complete list of changes:

[ANN] Apache Tomcat 8.5.54 available

2020-04-09 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.54. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and Java Authentication Service Provider Interface for Containers

[ANN] Apache Tomcat 9.0.34 available

2020-04-09 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.34. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.34 is a bugfix and

[ANN] Apache Tomcat 10.0.0-M4 available

2020-04-09 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.0.0-M4. Apache Tomcat 10 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations

[ANN] Apache Tomcat 8.5.53 available

2020-03-17 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.53. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and Java Authentication Service Provider Interface for Containers

[ANN] Apache Tomcat 9.0.33 available

2020-03-17 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.33. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.33 is a bugfix and

[ANN] Apache Tomcat 10.0.0-M3 available

2020-03-17 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.0.0-M3. Apache Tomcat 10 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations

[ANN] Apache Tomcat Connectors 1.2.48 released

2020-03-09 Thread Mark Thomas
The Apache Tomcat Connectors project is part of the Tomcat project and provides web server plugins for httpd (mod_jk), IIS (ISAPI) and Netscape (NSAPI) to connect those web servers with Tomcat and other backends. The Apache Tomcat Project is proud to announce the release of version 1.2.48 of the

[ANN] End of life for Apache Tomcat 7.0.x

2020-03-02 Thread Mark Thomas
The Apache Tomcat team announces that support for Apache Tomcat 7.0.x will end on 31 March 2021. This means that after 31 March 2021: - releases from the 7.0.x branch are highly unlikely - bugs affecting only the 7.0.x branch will not be addressed - security vulnerability reports will not be

[ANN] Apache Tomcat 10.0.0-M1 available

2020-02-24 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.0.0-M1. Apache Tomcat 10 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations

[SECURITY] CVE-2020-1935 HTTP Request Smuggling

2020-02-24 Thread Mark Thomas
CVE-2020-1935 HTTP Request Smuggling Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.30 Apache Tomcat 8.5.0 to 8.5.50 Apache Tomcat 7.0.0 to 7.0.99 Description: The HTTP header parsing code used an approach to end-of-line parsing that

[SECURITY] CVE-2020-1938 AJP Request Injection and potential Remote Code Execution

2020-02-24 Thread Mark Thomas
CVE-2020-1938 AJP Request Injection and potential Remote Code Execution Severity: High Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.30 Apache Tomcat 8.5.0 to 8.5.50 Apache Tomcat 7.0.0 to 7.0.99 Description: When using the Apache JServ Protocol (AJP),

[SECURITY] CVE-2019-17569 HTTP Request Smuggling

2020-02-24 Thread Mark Thomas
CVE-2019-17569 HTTP Request Smuggling Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.28 to 9.0.30 Apache Tomcat 8.5.48 to 8.5.50 Apache Tomcat 7.0.98 to 7.0.99 Description: The refactoring in 9.0.28, 8.5.48 and 7.0.98 introduced a regression. The

[ANN] Apache Tomcat 8.5.51 available

2020-02-12 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.51. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and Java Authentication Service Provider Interface for Containers

[ANN] Apache Tomcat 9.0.31 available

2020-02-12 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.30. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.31 is a bugfix and

[SECURITY] CVE-2019-12418 Local Privilege Escalation

2019-12-18 Thread Mark Thomas
CVE-2019-12418 Local Privilege Escalation Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.28 Apache Tomcat 8.5.0 to 8.5.47 Apache Tomcat 7.0.0 to 7.0.97 Description: When Tomcat is configured with the JMX Remote Lifecycle Listener, a

[SECURITY] CVE-2019-17563 Session fixation

2019-12-18 Thread Mark Thomas
CVE-2019-17563 Session fixation Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.29 Apache Tomcat 8.5.0 to 8.5.49 Apache Tomcat 7.0.0 to 7.0.98 Description: When using FORM authentication there was a narrow window where an attacker could

[ANN] Apache Tomcat 8.5.50 available

2019-12-18 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.50. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and Java Authentication Service Provider Interface for Containers

[ANN] Apache Tomcat 9.0.30 available

2019-12-13 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.30. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.30 is a bugfix and

[ANN] Apache Tomcat 8.5.49 available

2019-11-22 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.49. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and Java Authentication Service Provider Interface for Containers

[ANN] Apache Tomcat 9.0.29 available

2019-11-22 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.29. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.29 is a bugfix and

[ANN] Apache Tomcat 8.5.47 available

2019-10-14 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.47. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and Java Authentication Service Provider Interface for Containers

[ANN] Apache Tomcat 9.0.27 available

2019-10-14 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.27. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.27 is a bugfix and

[ANNOUNCEMENT] Commons Daemon 1.2.2 Released

2019-10-11 Thread Mark Thomas
The Apache Commons Team is pleased to announce the availability of Apache Commons Daemon 1.2.2. The Apache Commons Daemon software library provides a generic Daemon (unix) or Service (Windows) wrapper for Java code. Version 1.2.2 is a bugfix release. A full list of changes can be found at

[ANN] Apache Tomcat 8.5.46 available

2019-09-20 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.46. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and Java Authentication Service Provider Interface for Containers

[ANN] Apache Tomcat 9.0.26 available

2019-09-20 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.26. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.26 is a bugfix and

[ANNOUNCEMENT] Commons Daemon 1.2.1 Released

2019-09-12 Thread Mark Thomas
The Apache Commons Team is pleased to announce the availability of Apache Commons Daemon 1.2.1. The Apache Commons Daemon software library provides a generic Daemon (unix) or Service (Windows) wrapper for Java code. Version 1.2.1 is a bugfix release. A full list of changes can be found at

[ANN] Apache Tomcat 8.5.45 available

2019-08-22 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.45. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and Java Authentication Service Provider Interface for Containers

[ANN] Apache Tomcat 9.0.24 available

2019-08-19 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.24. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.24 is a bugfix and

[ANN] Apache Tomcat 8.5.43 available

2019-07-10 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.43. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and Java Authentication Service Provider Interface for Containers

[ANN] Apache Tomcat 9.0.22 available

2019-07-10 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.22. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.22 is a bugfix and

[ANNOUNCEMENT] Commons Daemon 1.2.0 Released

2019-07-04 Thread Mark Thomas
The Apache Commons Team is pleased to announce the availability of Apache Commons Daemon 1.2.0. The Apache Commons Daemon software library provides a generic Daemon (unix) or Service (Windows) wrapper for Java code. Version 1.2.0 is a feature and bugfix release. A full list of changes can be

  1   2   3   4   >