Package tomcat9-webapps-1:9.0.87-5.el10_0.3.noarch content_copy download

×

* Mon Aug 18 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-5.el10_0.3
- Resolves: RHEL-102187
  tomcat: http/2 "MadeYouReset" DoS attack through HTTP/2 control frames (CVE-2025-48989)

* Wed Aug 13 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-5.el10_0.2
- Resolves: RHEL-108484
  tomcat: Apache Commons FileUpload DOS via part headers (CVE-2025-48976)
- Resolves: RHEL-108492
  tomcat: Dos in multipart upload (CVE-2025-48988)
- Resolves: RHEL-108500
  tomcat: Security constraint bypass for pre/post-resources (CVE-2025-49125)
- Resolves: RHEL-108508
  tomcat: Denial of service (CVE-2025-52434)
- Resolves: RHEL-108520
  tomcat: Denial of service (CVE-2025-52520)
- Resolves: RHEL-108516
  tomcat: Denial of service (CVE-2025-53506)

* Mon May 26 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-5.el10_0.1
- Resolves: RHEL-91748
  tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame (CVE-2025-31650)
- Resolves: RHEL-94959
  tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation (CVE-2024-56337)

* Wed May 14 2025 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 1:9.0.87-5
- Rebuilt for MSVSphere 10

* Mon Apr 14 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-5
- Resolves: RHEL-82927
  tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT (CVE-2025-24813)

* Thu Feb 13 2025 Joe Orton <jorton@redhat.com> - 1:9.0.87-4
- add Obsoletes to aid upgrade path from tomcat-9.x
  Resolves: RHEL-79313

* Mon Feb 03 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-3
- Resolves: RHEL-77325 Missing conflicts in spec file

* Fri Jan 24 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-2
- Initial commit on c10s
  Resolves: RHEL-69841
- tomcat: RCE due to TOCTOU issue in JSP compilation (CVE-2024-50379)