The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.1.0-M4 (alpha).
Apache Tomcat 10 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.0.10.
This release is targeted at Jakarta EE 9.
Applications that run on Tomcat 9 and earlier will not run on Tomcat 10
without changes. Java EE applications designed for Tomcat 9 and earlier
may be placed in the
CVE-2021-30640 JNDI Realm Authentication Weakness
Severity: Low
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 10.0.0-M1 to 10.0.5
Apache Tomcat 9.0.0.M1 to 9.0.45
Apache Tomcat 8.5.0 to 8.5.65
Apache Tomcat 7.0.0 to 7.0.108
Description:
Queries made by the JNDI Realm
CVE-2021-33037 HTTP request smuggling
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 10.0.0-M1 to 10.0.6
Apache Tomcat 9.0.0.M1 to 9.0.46
Apache Tomcat 8.5.0 to 8.5.66
Description:
Apache Tomcat did not correctly parse the HTTP transfer-encoding
CVE-2021-30639 Denial of Service
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 10.0.3 to 10.0.4
Apache Tomcat 9.0.44
Apache Tomcat 8.5.64
Description:
An error introduced as part of a change to improve error handling during
non-blocking I/O meant
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.0.8.
This release is targeted at Jakarta EE 9.
Applications that run on Tomcat 9 and earlier will not run on Tomcat 10
without changes. Java EE applications designed for Tomcat 9 and earlier
may be placed in the
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.1.0-M2.
Apache Tomcat 10 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.0.7.
This release is targeted at Jakarta EE 9.
Applications that run on Tomcat 9 and earlier will not run on Tomcat 10
without changes. Java EE applications designed for Tomcat 9 and earlier
may be placed in the
The Apache Tomcat team announces the immediate availability of Apache
Tomcat Native 1.2.30 stable.
The key features of this release are:
- Windows binaries built using OpenSSL 1.1.1k
- Fix an issue where some Windows systems in some configurations would
only listen on IPv6 addresses on dual
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.5.66.
Apache Tomcat 8 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and Java Authentication Service Provider Interface for
Containers
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 9.0.46.
Apache Tomcat 9 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and JASPIC technologies.
Apache Tomcat 9.0.46 is a bugfix and
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.0.6.
This release is targeted at Jakarta EE 9.
Applications that run on Tomcat 9 and earlier will not run on Tomcat 10
without changes. Java EE applications designed for Tomcat 9 and earlier
may be placed in the
The Apache Tomcat team announces the immediate availability of Apache
Tomcat Migration Tool for Jakarta EE 1.0.0
Apache Tomcat Migration Tool for Jakarta EE is an open source software
tool for migrating binary web applications (WAR files) and other binary
artefacts from Java EE 8 to Jakarta EE
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.5.65.
Apache Tomcat 8 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and Java Authentication Service Provider Interface for
Containers
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 9.0.45.
Apache Tomcat 9 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and JASPIC technologies.
Apache Tomcat 9.0.45 is a bugfix and
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.0.5.
This release is targeted at Jakarta EE 9.
Applications that run on Tomcat 9 and earlier will not run on Tomcat 10
without changes. Java EE applications designed for Tomcat 9 and earlier
may be placed in the
The Apache Tomcat team announces the immediate availability of Apache
Tomcat Native 1.2.28 stable.
The key features of this release are:
- Windows binaries built using 1.1.1k
- Correct a regression in the fix for 65181 that prevented an error
message from being displayed if an invalid key file
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.5.64.
Apache Tomcat 8 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and Java Authentication Service Provider Interface for
Containers
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 9.0.44.
Apache Tomcat 9 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and JASPIC technologies.
Apache Tomcat 9.0.44 is a bugfix and
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.0.4.
This release is targeted at Jakarta EE 9.
Applications that run on Tomcat 9 and earlier will not run on Tomcat 10
without changes. Java EE applications designed for Tomcat 9 and earlier
may be placed in the
CVE-2021-25329 Incomplete fix for CVE-2020-9484 (RCE via session
persistence)
Severity: Low
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 10.0.0-M1 to 10.0.0
Apache Tomcat 9.0.0.M1 to 9.0.41
Apache Tomcat 8.5.0 to 8.5.61
Apache Tomcat 7.0.0 to 7.0.107
Description:
CVE-2021-25122 h2c request mix-up
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 10.0.0-M1 to 10.0.0
Apache Tomcat 9.0.0.M1 to 9.0.41
Apache Tomcat 8.5.0 to 8.5.61
Description:
When responding to new h2c connection requests, Apache Tomcat could
The Apache Tomcat team announces the immediate availability of Apache
Tomcat Migration Tool for Jakarta EE 0.2.0
Apache Tomcat Migration Tool for Jakarta EE is an open source software
tool for migrating binary web applications (WAR files) and other binary
artefacts from Java EE 8 to Jakarta EE 9.
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.5.63.
Apache Tomcat 8 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and Java Authentication Service Provider Interface for
Containers
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 9.0.43.
Apache Tomcat 9 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and JASPIC technologies.
Apache Tomcat 9.0.43 is a bugfix and
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.0.2.
This release is the first stable release in the 10.0.x series and is
targeted at Jakarta EE 9.
Apache Tomcat 10 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta
Please note the updated affected version information below.
Mark
On 03/12/2020 18:01, Mark Thomas wrote:
> CVE-2020-17527 Apache Tomcat HTTP/2 Request header mix-up
>
> Severity: Moderate
>
> Vendor: The Apache Software Foundation
>
> Versions Affected:
> Apache Tomca
CVE-2021-24122 Apache Tomcat Information Disclosure
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 10.0.0-M1 to 10.0.0-M9
Apache Tomcat 9.0.0.M1 to 9.0.39
Apache Tomcat 8.5.0 to 8.5.59
Apache Tomcat 7.0.0 to 7.0.106
Description:
When serving
The Apache Tomcat team announces the immediate availability of Apache
Tomcat Native 1.2.26 stable.
The key features of this release are:
- Windows binaries built using 1.1.1i
- Expose support for Unix domain sockets (bug 64942)
Please refer to the change log for the complete list of changes:
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.5.61.
Apache Tomcat 8 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and Java Authentication Service Provider Interface for
Containers
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 9.0.41.
Apache Tomcat 9 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and JASPIC technologies.
Apache Tomcat 9.0.41 is a bugfix and
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.0.0 (beta).
Apache Tomcat 10 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
CVE-2020-17527 Apache Tomcat HTTP/2 Request header mix-up
Severity: Moderate
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 10.0.0-M1 to 10.0.0-M9
Apache Tomcat 9.0.0.M5 to 9.0.39
Apache Tomcat 8.5.1 to 8.5.59
Description:
While investigating Bug 64830 it was
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.5.60.
Apache Tomcat 8 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and Java Authentication Service Provider Interface for
Containers
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 9.0.40.
Apache Tomcat 9 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and JASPIC technologies.
Apache Tomcat 9.0.40 is a bugfix and
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.0.0-M9.
Apache Tomcat 10 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
CVE-2020-13943 Apache Tomcat HTTP/2 Request mix-up
Severity: Moderate
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 10.0.0-M1 to 10.0.0-M7
Apache Tomcat 9.0.0.M5 to 9.0.37
Apache Tomcat 8.5.1 to 8.5.57
Description:
If an HTTP/2 client exceeded the agreed maximum
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 9.0.39.
Apache Tomcat 9 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and JASPIC technologies.
Apache Tomcat 9.0.39 is a bugfix and
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.0.0-M9.
Apache Tomcat 10 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.5.59.
Apache Tomcat 8 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and Java Authentication Service Provider Interface for
Containers
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.5.58.
Apache Tomcat 8 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and Java Authentication Service Provider Interface for
Containers
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 9.0.38.
Apache Tomcat 9 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and JASPIC technologies.
Apache Tomcat 9.0.38 is a bugfix and
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.0.0-M8.
Apache Tomcat 10 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
The Apache Tomcat team announces the immediate availability of Apache
Tomcat Native 1.2.25 stable.
The key features of this release are:
- Improvements to the build system
- Add an option to allow the OCSP check to be bypassed
Please refer to the change log for the complete list of changes:
CVE-2020-13935 Apache Tomcat WebSocket Denial of Service
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 10.0.0-M1 to 10.0.0-M6
Apache Tomcat 9.0.0.M1 to 9.0.36
Apache Tomcat 8.5.0 to 8.5.56
Apache Tomcat 7.0.27 to 7.0.104
Description:
The payload
CVE-2020-13934 Apache Tomcat HTTP/2 Denial of Service
Severity: Moderate
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 10.0.0-M1 to 10.0.0-M6
Apache Tomcat 9.0.0.M5 to 9.0.36
Apache Tomcat 8.5.1 to 8.5.56
Description:
An h2c direct connection did not release the
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.5.57.
Apache Tomcat 8 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and Java Authentication Service Provider Interface for
Containers
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 9.0.37.
Apache Tomcat 9 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and JASPIC technologies.
Apache Tomcat 9.0.37 is a bugfix and
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.0.0-M7.
Apache Tomcat 10 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
CVE-2020-11996 Apache Tomcat HTTP/2 Denial of Service
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 10.0.0-M1 to 10.0.0-M5
Apache Tomcat 9.0.0.M1 to 9.0.35
Apache Tomcat 8.5.0 to 8.5.55
Description:
A specially crafted sequence of HTTP/2 requests
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.5.56.
Apache Tomcat 8 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and Java Authentication Service Provider Interface for
Containers
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 9.0.36.
Apache Tomcat 9 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and JASPIC technologies.
Apache Tomcat 9.0.36 is a bugfix and
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.0.0-M6.
Apache Tomcat 10 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.5.55.
Apache Tomcat 8 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and Java Authentication Service Provider Interface for
Containers
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 9.0.35.
Apache Tomcat 9 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and JASPIC technologies.
Apache Tomcat 9.0.35 is a bugfix and
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.0.0-M5.
Apache Tomcat 10 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
The Apache Tomcat team announces the immediate availability of Apache
Tomcat Native 1.2.24 stable.
The key features of this release are:
- Improvements to the build system
- Update Windows binaries to APR 1.7.0 and OpenSSL 1.1.1g
Please refer to the change log for the complete list of changes:
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 9.0.34.
Apache Tomcat 9 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and JASPIC technologies.
Apache Tomcat 9.0.34 is a bugfix and
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.0.0-M4.
Apache Tomcat 10 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.5.53.
Apache Tomcat 8 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and Java Authentication Service Provider Interface for
Containers
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 9.0.33.
Apache Tomcat 9 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and JASPIC technologies.
Apache Tomcat 9.0.33 is a bugfix and
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.0.0-M3.
Apache Tomcat 10 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
The Apache Tomcat Connectors project is part of the Tomcat project and
provides web server plugins for httpd (mod_jk), IIS (ISAPI) and Netscape
(NSAPI) to connect those web servers with Tomcat and other backends.
The Apache Tomcat Project is proud to announce the release of version
1.2.48 of the
The Apache Tomcat team announces that support for Apache Tomcat 7.0.x
will end on 31 March 2021.
This means that after 31 March 2021:
- releases from the 7.0.x branch are highly unlikely
- bugs affecting only the 7.0.x branch will not be addressed
- security vulnerability reports will not be
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.0.0-M1.
Apache Tomcat 10 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
CVE-2020-1938 AJP Request Injection and potential Remote Code Execution
Severity: High
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 9.0.0.M1 to 9.0.30
Apache Tomcat 8.5.0 to 8.5.50
Apache Tomcat 7.0.0 to 7.0.99
Description:
When using the Apache JServ Protocol (AJP),
CVE-2019-17569 HTTP Request Smuggling
Severity: Low
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 9.0.28 to 9.0.30
Apache Tomcat 8.5.48 to 8.5.50
Apache Tomcat 7.0.98 to 7.0.99
Description:
The refactoring in 9.0.28, 8.5.48 and 7.0.98 introduced a regression.
The
CVE-2020-1935 HTTP Request Smuggling
Severity: Low
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 9.0.0.M1 to 9.0.30
Apache Tomcat 8.5.0 to 8.5.50
Apache Tomcat 7.0.0 to 7.0.99
Description:
The HTTP header parsing code used an approach to end-of-line parsing
that
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.5.51.
Apache Tomcat 8 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and Java Authentication Service Provider Interface for
Containers
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 9.0.30.
Apache Tomcat 9 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and JASPIC technologies.
Apache Tomcat 9.0.31 is a bugfix and
CVE-2019-17563 Session fixation
Severity: Low
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 9.0.0.M1 to 9.0.29
Apache Tomcat 8.5.0 to 8.5.49
Apache Tomcat 7.0.0 to 7.0.98
Description:
When using FORM authentication there was a narrow window where an
attacker could
CVE-2019-12418 Local Privilege Escalation
Severity: Moderate
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 9.0.0.M1 to 9.0.28
Apache Tomcat 8.5.0 to 8.5.47
Apache Tomcat 7.0.0 to 7.0.97
Description:
When Tomcat is configured with the JMX Remote Lifecycle Listener, a
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.5.50.
Apache Tomcat 8 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and Java Authentication Service Provider Interface for
Containers
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 9.0.30.
Apache Tomcat 9 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and JASPIC technologies.
Apache Tomcat 9.0.30 is a bugfix and
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.5.49.
Apache Tomcat 8 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and Java Authentication Service Provider Interface for
Containers
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 9.0.29.
Apache Tomcat 9 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and JASPIC technologies.
Apache Tomcat 9.0.29 is a bugfix and
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.5.47.
Apache Tomcat 8 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and Java Authentication Service Provider Interface for
Containers
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 9.0.27.
Apache Tomcat 9 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and JASPIC technologies.
Apache Tomcat 9.0.27 is a bugfix and
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.5.46.
Apache Tomcat 8 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and Java Authentication Service Provider Interface for
Containers
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 9.0.26.
Apache Tomcat 9 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and JASPIC technologies.
Apache Tomcat 9.0.26 is a bugfix and
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.5.45.
Apache Tomcat 8 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and Java Authentication Service Provider Interface for
Containers
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 9.0.24.
Apache Tomcat 9 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and JASPIC technologies.
Apache Tomcat 9.0.24 is a bugfix and
Today Netflix has published a report highlighting various potential DoS
attacks against HTTP/2 implementations [1].
No immediate action is required for Tomcat users since none of the
described attacks result in a DoS with Apache Tomcat.
The Tomcat Security Team has reviewed the impact on Tomcat
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.5.43.
Apache Tomcat 8 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and Java Authentication Service Provider Interface for
Containers
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 9.0.22.
Apache Tomcat 9 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and JASPIC technologies.
Apache Tomcat 9.0.22 is a bugfix and
This updated notice corrects the version numbers in the mitigation section.
CVE-2019-10072 Apache Tomcat HTTP/2 DoS
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 9.0.0.M1 to 9.0.19
Apache Tomcat 8.5.0 to 8.5.40
Description:
The fix for
CVE-2019-10072 Apache Tomcat HTTP/2 DoS
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 9.0.0.M1 to 9.0.19
Apache Tomcat 8.5.0 to 8.5.40
Description:
The fix for CVE-2019-0199 was incomplete and did not address connection
window exhaustion on write.
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.5.42.
Apache Tomcat 8 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and Java Authentication Service Provider Interface for
Containers
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 9.0.21.
Apache Tomcat 9 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and JASPIC technologies.
Apache Tomcat 9.0.21 is a bugfix and
CVE-2019-0221 Apache Tomcat XSS in SSI printenv
Severity: Low
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 9.0.0.M1 to 9.0.17
Apache Tomcat 8.5.0 to 8.5.39
Apache Tomcat 7.0.0 to 7.0.93
Description:
The SSI printenv command echoes user provided data without escaping
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.5.41.
Apache Tomcat 8 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and Java Authentication Service Provider Interface for
Containers
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 9.0.19.
Apache Tomcat 9 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and JASPIC technologies.
Apache Tomcat 9.0.19 is a bugfix and
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.5.40.
Apache Tomcat 8 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and Java Authentication Service Provider Interface for
Containers
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.94.
Apache Tomcat is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Expression Language and Java
WebSocket technologies.
This release contains a number of bug fixes and
CVE-2019-0232 Apache Tomcat Remote Code Execution on Windows
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 9.0.0.M1 to 9.0.17
Apache Tomcat 8.5.0 to 8.5.39
Apache Tomcat 7.0.0 to 7.0.93
Description:
When running on Windows with
CVE-2019-0199 Apache Tomcat HTTP/2 DoS
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 9.0.0.M1 to 9.0.14
Apache Tomcat 8.5.0 to 8.5.37
Description:
The HTTP/2 implementation accepted streams with excessive numbers of
SETTINGS frames and also
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.5.39.
Apache Tomcat 8 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and Java Authentication Service Provider Interface for
Containers
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.5.38.
Apache Tomcat 8 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and Java Authentication Service Provider Interface for
Containers
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 9.0.16.
Apache Tomcat 9 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and JASPIC technologies.
Apache Tomcat 9.0.16 is a bugfix and
The Apache Tomcat team announces the immediate availability of Apache
Tomcat Native 1.2.21 stable.
The key features of this release are:
- Fixed memory leaks when using NIO/NIO2 with OpenSSL for TLS
Please refer to the change log for the complete list of changes: