** Description changed: Scheduled-For: ubuntu-25.11 Ubuntu: 9.0.95-1ubuntu1 Debian Unstable: 9.0.111-1 A new release of tomcat9 is available for syncing from Debian Unstable. The Ubuntu delta is already present in Debian unstable's source. + A test build can be found here: + https://launchpad.net/~ebarretto/+archive/ubuntu/devel-testing/+packages?field.name_filter=tomcat9&field.status_filter=published&field.series_filter=resolute + ### New Debian Changes ### tomcat9 (9.0.111-1) unstable; urgency=medium - * Team upload - * New upstream release + * Team upload + * New upstream release - -- Bastien Roucariès <[email protected]> Sat, 25 Oct 2025 16:51:01 + -- Bastien Roucariès <[email protected]> Sat, 25 Oct 2025 16:51:01 +0200 ### Old Ubuntu Delta ### tomcat9 (9.0.95-1ubuntu1) questing; urgency=medium - * Merge with Debian unstable. (LP: #2116267) Remaning changes: - - d/p/CVE-2025-24813.patch: Enhance lifecycle of - temporary files used by partial PUT and use File.createTempFile() - instead of custom naming based on resource path conversion in - java/org/apache/catalina/servlets/DefaultServlet.java - * Dropped changes, superseded upstream: - - d/p/CVE-2023-46589_1.patch: Differentiate request cancellation - - d/p/CVE-2023-46589_2.patch: Ensure IOException on request read - always triggers error handling. - - d/p/CVE-2023-28708.patch: Fix BZ 66471 - JSessionId - secure attribute missing with RemoteIpFilter and X-Forwarded-Proto - set to https - - d/p/CVE-2023-42795.patch: Improve handling of failures during - recycle() methods - - d/p/CVE-2023-45648.patch: Align processing of trailer headers with - standard processing - - d/p/CVE-2024-23672-pre-1.patch: Rename prior to extending with - additional tests - - d/p/CVE-2024-23672-pre-2.patch: Add test util getter for root - context with class path scanning disabled - - d/p/CVE-2024-23672.patch: Refactor WebSocket close for suspend/resume - - d/p/CVE-2024-24549.patch: Report HTTP/2 header parsing - errors earlier - - d/p/CVE-2024-24549-post-1.patch: Make recycled streams eligible for - GC immediately. Improves scalability. - - d/p/CVE-2024-24549-post-2.patch: Update tests after HTTP/2 - improvements - - d/p/CVE-2024-34750-pre-1.patch: Fix 66530 - Regression in fix for - BZ 66442. Ensure count is decremented - - d/p/CVE-2024-34750-pre-2.patch: Refactor decrement using a common - method - - d/p/CVE-2024-34750.patch: Make counting of active streams more robust - - d/p/CVE-2024-38286.patch: Add support for re-keying with TLS 1.3 - - Search for the appropriate JDT jar according to new project - structure. This is was fixed in debian unstable in - d/p/0030-eclipse-jdt-classpath.patch + * Merge with Debian unstable. (LP: #2116267) Remaning changes: + - d/p/CVE-2025-24813.patch: Enhance lifecycle of + temporary files used by partial PUT and use File.createTempFile() + instead of custom naming based on resource path conversion in + java/org/apache/catalina/servlets/DefaultServlet.java + * Dropped changes, superseded upstream: + - d/p/CVE-2023-46589_1.patch: Differentiate request cancellation + - d/p/CVE-2023-46589_2.patch: Ensure IOException on request read + always triggers error handling. + - d/p/CVE-2023-28708.patch: Fix BZ 66471 - JSessionId + secure attribute missing with RemoteIpFilter and X-Forwarded-Proto + set to https + - d/p/CVE-2023-42795.patch: Improve handling of failures during + recycle() methods + - d/p/CVE-2023-45648.patch: Align processing of trailer headers with + standard processing + - d/p/CVE-2024-23672-pre-1.patch: Rename prior to extending with + additional tests + - d/p/CVE-2024-23672-pre-2.patch: Add test util getter for root + context with class path scanning disabled + - d/p/CVE-2024-23672.patch: Refactor WebSocket close for suspend/resume + - d/p/CVE-2024-24549.patch: Report HTTP/2 header parsing + errors earlier + - d/p/CVE-2024-24549-post-1.patch: Make recycled streams eligible for + GC immediately. Improves scalability. + - d/p/CVE-2024-24549-post-2.patch: Update tests after HTTP/2 + improvements + - d/p/CVE-2024-34750-pre-1.patch: Fix 66530 - Regression in fix for + BZ 66442. Ensure count is decremented + - d/p/CVE-2024-34750-pre-2.patch: Refactor decrement using a common + method + - d/p/CVE-2024-34750.patch: Make counting of active streams more robust + - d/p/CVE-2024-38286.patch: Add support for re-keying with TLS 1.3 + - Search for the appropriate JDT jar according to new project + structure. This is was fixed in debian unstable in + d/p/0030-eclipse-jdt-classpath.patch - -- Eduardo Barretto <[email protected]> Wed, 09 Jul 2025 + -- Eduardo Barretto <[email protected]> Wed, 09 Jul 2025 17:12:14 +0200
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2130567 Title: Please sync tomcat9 from Debian Unstable for Resolute To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tomcat9/+bug/2130567/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
