The Apache Tomcat team announces the immediate availability of Apache
Tomcat Native 1.1.22 stable.
Please refer to the change log for the list of changes:
http://tomcat.apache.org/native-doc/miscellaneous/changelog.html
Downloads:
http://tomcat.apache.org/download-native.cgi
Thank you,
--
The
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 6.0.35 stable.
Apache Tomcat 6.0.35 is primarily a security and bug fix release.
All users of older versions of the Tomcat 6.0 family should upgrade to 6.0.35.
Note that is version has 4 zip binaries: a generic one and
CVE-2018-8019 Apache Tomcat Native Connector - Mishandled OCSP invalid response
Severity: Moderate
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat Native 1.2.0 to 1.2.16
Apache Tomcat Native 1.1.23 to 1.1.34
Description:
When using an OCSP responder Tomcat Native did
CVE-2018-8020 Apache Tomcat Native Connector - Mishandled OCSP responses can
allow clients to authenticate with revoked certificates
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat Native 1.2.0 to 1.2.16
Apache Tomcat Native 1.1.23 to 1.1.34
CVE-2018-8037 Apache Tomcat - Information Disclosure
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 9.0.0.M9 to 9.0.9
Apache Tomcat 8.5.5 to 8.5.31
Description:
A bug in the tracking of connection closures can lead to
reuse of user sessions in a
CVE-2018-1336 Apache Tomcat - Denial of Service
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 9.0.0.M9 to 9.0.7
Apache Tomcat 8.5.0 to 8.5.30
Apache Tomcat 8.0.0.RC1 to 8.0.51
Apache Tomcat 7.0.28 to 7.0.86
Description:
An improper handing of
CVE-2018-8034 Apache Tomcat - Security Constraint Bypass
Severity: Low
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 9.0.0.M1 to 9.0.9
Apache Tomcat 8.5.0 to 8.5.31
Apache Tomcat 8.0.0.RC1 to 8.0.52
Apache Tomcat 7.0.35 to 7.0.88
Description:
The host name
