[UPDATE][SECURITY] CVE-2017-7675 Apache Tomcat Security Constraint Bypass

2017-08-10 Thread Mark Thomas
CVE-2017-7675 Apache Tomcat Security Constraint Bypass Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.0.M21 Apache Tomcat 8.5.0 to 8.5.15 Description: The HTTP/2 implementation bypassed a number of security checks that prevented

[Bug 61101] CorsFilter should add Vary header to response

2017-08-10 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=61101 --- Comment #2 from Mark Thomas --- This is CVE-2017-7674

svn propchange: r1795816 - svn:log

2017-08-10 Thread markt
Author: markt Revision: 1795816 Modified property: svn:log Modified: svn:log at Thu Aug 10 22:07:19 2017 -- --- svn:log (original) +++ svn:log Thu Aug 10 22:07:19 2017 @@ -1 +1,2 @@ BZ61101: CORS filter should set Vary

svn propchange: r1795815 - svn:log

2017-08-10 Thread markt
Author: markt Revision: 1795815 Modified property: svn:log Modified: svn:log at Thu Aug 10 22:07:08 2017 -- --- svn:log (original) +++ svn:log Thu Aug 10 22:07:08 2017 @@ -1 +1,2 @@ BZ61101: CORS filter should set Vary

svn propchange: r1795814 - svn:log

2017-08-10 Thread markt
Author: markt Revision: 1795814 Modified property: svn:log Modified: svn:log at Thu Aug 10 22:06:58 2017 -- --- svn:log (original) +++ svn:log Thu Aug 10 22:06:58 2017 @@ -1 +1,2 @@ BZ61101: CORS filter should set Vary

svn propchange: r1795813 - svn:log

2017-08-10 Thread markt
Author: markt Revision: 1795813 Modified property: svn:log Modified: svn:log at Thu Aug 10 22:06:43 2017 -- --- svn:log (original) +++ svn:log Thu Aug 10 22:06:43 2017 @@ -1 +1,2 @@ BZ61101: CORS filter should set Vary

[Bug 61120] Tomcat 8.5.15 with HTTP/2: URL path parameters lost

2017-08-10 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=61120 --- Comment #2 from Mark Thomas --- This is CVE-2017-7675.

svn propchange: r1796091 - svn:log

2017-08-10 Thread markt
Author: markt Revision: 1796091 Modified property: svn:log Modified: svn:log at Thu Aug 10 22:05:43 2017 -- --- svn:log (original) +++ svn:log Thu Aug 10 22:05:43 2017 @@ -1,2 +1,3 @@ Fix

svn propchange: r1796090 - svn:log

2017-08-10 Thread markt
Author: markt Revision: 1796090 Modified property: svn:log Modified: svn:log at Thu Aug 10 22:05:29 2017 -- --- svn:log (original) +++ svn:log Thu Aug 10 22:05:29 2017 @@ -1,2 +1,3 @@ Fix

[SECURITY] CVE-2017-7675 Apache Tomcat Security Constraint Bypass

2017-08-10 Thread Mark Thomas
CVE-2017-7675 Apache Tomcat Cache Poisoning Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.0.M21 Apache Tomcat 8.5.0 to 8.5.15 Description: The HTTP/2 implementation bypassed a number of security checks that prevented directory

[SECURITY] CVE-2017-7674 Apache Tomcat Cache Poisoning

2017-08-10 Thread Mark Thomas
CVE-2017-7674 Apache Tomcat Cache Poisoning Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.0.M21 Apache Tomcat 8.5.0 to 8.5.15 Apache Tomcat 8.0.0.RC1 to 8.0.44 Apache Tomcat 7.0.41 to 7.0.78 Description: The CORS Filter did not an

svn commit: r1804734 - in /tomcat/site/trunk: docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml

2017-08-10 Thread markt
Author: markt Date: Thu Aug 10 22:01:13 2017 New Revision: 1804734 URL: http://svn.apache.org/viewvc?rev=1804734&view=rev Log: Add info for: - CVE-2017-7674 - CVE-2017-7675 Modified: tomcat/site/trunk/docs/security-7.html tomcat/site/trunk/docs/security-8.html

svn commit: r1804729 - in /tomcat/tc7.0.x/trunk: java/org/apache/naming/resources/FileDirContext.java java/org/apache/naming/resources/VirtualDirContext.java webapps/docs/changelog.xml

2017-08-10 Thread markt
Author: markt Date: Thu Aug 10 21:09:31 2017 New Revision: 1804729 URL: http://svn.apache.org/viewvc?rev=1804729&view=rev Log: Correct regression in r1804604 that broke WebDAV. Modified: tomcat/tc7.0.x/trunk/java/org/apache/naming/resources/FileDirContext.java

[Bug 61398] classpath jars and files are not loading from classpath in web applicaiton

2017-08-10 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=61398 Mark Thomas changed: What|Removed |Added Resolution|--- |INVALID

[Bug 61398] New: classpath jars and files are not loading from classpath in web applicaiton

2017-08-10 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=61398 Bug ID: 61398 Summary: classpath jars and files are not loading from classpath in web applicaiton Product: Tomcat 8 Version: 8.0.45 Hardware: Other OS:

[Bug 59617] Java file not found for some jars while loading tomcat

2017-08-10 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=59617 Banupriya changed: What|Removed |Added CC|

Re: [VOTE] Release Apache Tomcat 7.0.80

2017-08-10 Thread Mark Thomas
On 10/08/17 10:42, Violeta Georgieva wrote: > The proposed Apache Tomcat 7.0.80 release is now available for voting. > > It can be obtained from: > https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.80/ > The Maven staging repo is: >

[Bug 61393] org.apache.tomcat.jni.TestSocketServer timeout failure on a fast computer

2017-08-10 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=61393 Konstantin Kolinko changed: What|Removed |Added OS||All

svn commit: r1804661 - in /tomcat/tc8.0.x/trunk: build.properties.default res/maven/mvn.properties.default webapps/docs/changelog.xml

2017-08-10 Thread violetagg
Author: violetagg Date: Thu Aug 10 11:00:55 2017 New Revision: 1804661 URL: http://svn.apache.org/viewvc?rev=1804661&view=rev Log: Increment version for next dev cycle Modified: tomcat/tc8.0.x/trunk/build.properties.default tomcat/tc8.0.x/trunk/res/maven/mvn.properties.default

[VOTE] Release Apache Tomcat 8.0.46

2017-08-10 Thread Violeta Georgieva
The proposed Apache Tomcat 8.0.46 release is now available for voting. It can be obtained from: https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.0.46/ The Maven staging repo is: https://repository.apache.org/content/repositories/orgapachetomcat-1150/ The svn tag is:

svn commit: r20918 [2/2] - in /dev/tomcat/tomcat-8/v8.0.46: ./ bin/ bin/embed/ bin/extras/ src/

2017-08-10 Thread violetagg
Added: dev/tomcat/tomcat-8/v8.0.46/bin/extras/catalina-ws.jar.asc == --- dev/tomcat/tomcat-8/v8.0.46/bin/extras/catalina-ws.jar.asc (added) +++ dev/tomcat/tomcat-8/v8.0.46/bin/extras/catalina-ws.jar.asc Thu Aug 10

svn commit: r20918 [1/2] - in /dev/tomcat/tomcat-8/v8.0.46: ./ bin/ bin/embed/ bin/extras/ src/

2017-08-10 Thread violetagg
Author: violetagg Date: Thu Aug 10 10:54:28 2017 New Revision: 20918 Log: Stage 8.0.46 RC Added: dev/tomcat/tomcat-8/v8.0.46/ dev/tomcat/tomcat-8/v8.0.46/KEYS dev/tomcat/tomcat-8/v8.0.46/README.html dev/tomcat/tomcat-8/v8.0.46/RELEASE-NOTES dev/tomcat/tomcat-8/v8.0.46/bin/

svn commit: r1804653 - in /tomcat/tc8.0.x/tags/TOMCAT_8_0_46: ./ build.properties.default webapps/docs/changelog.xml

2017-08-10 Thread violetagg
Author: violetagg Date: Thu Aug 10 09:56:12 2017 New Revision: 1804653 URL: http://svn.apache.org/viewvc?rev=1804653&view=rev Log: Tag 8.0.46 Added: tomcat/tc8.0.x/tags/TOMCAT_8_0_46/ (props changed) - copied from r1804652, tomcat/tc8.0.x/trunk/ Modified:

svn commit: r1804649 - in /tomcat/tc7.0.x/trunk: build.properties.default res/maven/mvn.properties.default webapps/docs/changelog.xml

2017-08-10 Thread violetagg
Author: violetagg Date: Thu Aug 10 09:45:45 2017 New Revision: 1804649 URL: http://svn.apache.org/viewvc?rev=1804649&view=rev Log: Increment version for next dev cycle Modified: tomcat/tc7.0.x/trunk/build.properties.default tomcat/tc7.0.x/trunk/res/maven/mvn.properties.default

[VOTE] Release Apache Tomcat 7.0.80

2017-08-10 Thread Violeta Georgieva
The proposed Apache Tomcat 7.0.80 release is now available for voting. It can be obtained from: https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.80/ The Maven staging repo is: https://repository.apache.org/content/repositories/orgapachetomcat-1149/ The svn tag is:

svn commit: r20917 [2/2] - in /dev/tomcat/tomcat-7/v7.0.80: ./ bin/ bin/embed/ bin/extras/ src/

2017-08-10 Thread violetagg
Added: dev/tomcat/tomcat-7/v7.0.80/bin/extras/catalina-jmx-remote.jar.sha1 == --- dev/tomcat/tomcat-7/v7.0.80/bin/extras/catalina-jmx-remote.jar.sha1 (added) +++

svn commit: r20917 [1/2] - in /dev/tomcat/tomcat-7/v7.0.80: ./ bin/ bin/embed/ bin/extras/ src/

2017-08-10 Thread violetagg
Author: violetagg Date: Thu Aug 10 09:41:42 2017 New Revision: 20917 Log: Stage 7.0.80 RC Added: dev/tomcat/tomcat-7/v7.0.80/ dev/tomcat/tomcat-7/v7.0.80/KEYS dev/tomcat/tomcat-7/v7.0.80/README.html dev/tomcat/tomcat-7/v7.0.80/RELEASE-NOTES dev/tomcat/tomcat-7/v7.0.80/bin/

svn commit: r1804645 - in /tomcat/tc7.0.x/tags/TOMCAT_7_0_80: ./ build.properties.default

2017-08-10 Thread violetagg
Author: violetagg Date: Thu Aug 10 08:55:03 2017 New Revision: 1804645 URL: http://svn.apache.org/viewvc?rev=1804645&view=rev Log: Tag 7.0.80 Added: tomcat/tc7.0.x/tags/TOMCAT_7_0_80/ (props changed) - copied from r1804644, tomcat/tc7.0.x/trunk/ Modified:

svn commit: r1804644 - /tomcat/tc7.0.x/tags/TOMCAT_7_0_80/

2017-08-10 Thread violetagg
Author: violetagg Date: Thu Aug 10 08:52:58 2017 New Revision: 1804644 URL: http://svn.apache.org/viewvc?rev=1804644&view=rev Log: Drop the tag in order to pick up a fix in javadoc Removed: tomcat/tc7.0.x/tags/TOMCAT_7_0_80/ -

svn commit: r1804643 - /tomcat/tc7.0.x/trunk/java/org/apache/naming/resources/FileDirContext.java

2017-08-10 Thread violetagg
Author: violetagg Date: Thu Aug 10 08:51:01 2017 New Revision: 1804643 URL: http://svn.apache.org/viewvc?rev=1804643&view=rev Log: Fix javadoc Modified: tomcat/tc7.0.x/trunk/java/org/apache/naming/resources/FileDirContext.java Modified: