Hi Anthony,
Thank you for reporting this issue. This was caused by the fix for
CVE-2016-5018 in the version 7.0.56-3+deb8u5 which removed the inner
class PrivilegedIntrospectHelper. This issue was fixed upstream [1] but
the extra commit [2] wasn't documented on the Tomcat 7 security page
[3]. The
Package: tomcat7
Version: 7.0.56-3+deb8u5
Severity: important
I applied the latest security update and it broke tomcat completely. The logs
show:
SEVERE: SecurityClassLoad
java.lang.ClassNotFoundException:
org.apache.jasper.runtime.JspRuntimeLibrary$PrivilegedIntrospectHelper
at java.ne
2 matches
Mail list logo