Public bug reported: Scheduled-For: ubuntu-25.11 Ubuntu: 9.0.95-1ubuntu1 Debian Unstable: 9.0.111-1
A new release of tomcat9 is available for syncing from Debian Unstable. The Ubuntu delta is already present in Debian unstable's source. ### New Debian Changes ### tomcat9 (9.0.111-1) unstable; urgency=medium * Team upload * New upstream release -- Bastien Roucariès <[email protected]> Sat, 25 Oct 2025 16:51:01 +0200 ### Old Ubuntu Delta ### tomcat9 (9.0.95-1ubuntu1) questing; urgency=medium * Merge with Debian unstable. (LP: #2116267) Remaning changes: - d/p/CVE-2025-24813.patch: Enhance lifecycle of temporary files used by partial PUT and use File.createTempFile() instead of custom naming based on resource path conversion in java/org/apache/catalina/servlets/DefaultServlet.java * Dropped changes, superseded upstream: - d/p/CVE-2023-46589_1.patch: Differentiate request cancellation - d/p/CVE-2023-46589_2.patch: Ensure IOException on request read always triggers error handling. - d/p/CVE-2023-28708.patch: Fix BZ 66471 - JSessionId secure attribute missing with RemoteIpFilter and X-Forwarded-Proto set to https - d/p/CVE-2023-42795.patch: Improve handling of failures during recycle() methods - d/p/CVE-2023-45648.patch: Align processing of trailer headers with standard processing - d/p/CVE-2024-23672-pre-1.patch: Rename prior to extending with additional tests - d/p/CVE-2024-23672-pre-2.patch: Add test util getter for root context with class path scanning disabled - d/p/CVE-2024-23672.patch: Refactor WebSocket close for suspend/resume - d/p/CVE-2024-24549.patch: Report HTTP/2 header parsing errors earlier - d/p/CVE-2024-24549-post-1.patch: Make recycled streams eligible for GC immediately. Improves scalability. - d/p/CVE-2024-24549-post-2.patch: Update tests after HTTP/2 improvements - d/p/CVE-2024-34750-pre-1.patch: Fix 66530 - Regression in fix for BZ 66442. Ensure count is decremented - d/p/CVE-2024-34750-pre-2.patch: Refactor decrement using a common method - d/p/CVE-2024-34750.patch: Make counting of active streams more robust - d/p/CVE-2024-38286.patch: Add support for re-keying with TLS 1.3 - Search for the appropriate JDT jar according to new project structure. This is was fixed in debian unstable in d/p/0030-eclipse-jdt-classpath.patch -- Eduardo Barretto <[email protected]> Wed, 09 Jul 2025 17:12:14 +0200 ** Affects: tomcat9 (Ubuntu) Importance: Undecided Status: New ** Changed in: tomcat9 (Ubuntu) Milestone: None => ubuntu-25.11 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2130567 Title: Please sync tomcat9 from Debian Unstable for Resolute To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tomcat9/+bug/2130567/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
