Change log for tomcat9 package in Ubuntu
tomcat9 (9.0.31-1ubuntu0.5) focal-security; urgency=medium

  * SECURITY UPDATE: Incorrect handling of requests enables potential smuggling attack
    - debian/patches/CVE-2022-42252.patch: Requests with invalid content-length should always be rejected
    - CVE-2022-42252

 -- Bruce Cable <email address hidden>  Thu, 04 Jul 2024 09:44:24 +1000
Published in oracular-release |
Published in noble-release |
Deleted in noble-proposed (Reason: Moved to noble) |
Deleted in mantic-proposed (Reason: mantic->noble) |
tomcat9 (9.0.70-2) unstable; urgency=medium

  * Team upload.
  * Drop tomcat9 server packages because only one Tomcat version is supported per release. Only retain libtomcat9-java because of compatibility reasons for now. Users are strongly encouraged to switch to Tomcat 10 instead. (Closes: #1034824)

 -- Markus Koschany <email address hidden>  Sat, 27 May 2023 17:51:32 +0200
Superseded in noble-release |
Published in mantic-release |
Published in lunar-release |
Deleted in lunar-proposed (Reason: Moved to lunar) |
tomcat9 (9.0.70-1ubuntu1) lunar; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - Fix logging for unprivileged rsyslogd (LP #1964881):
      + d/logrotate.template: use syslog:adm for log rotation so that rsyslog can write to the file
      + d/rsyslog/tomcat9.conf: drop "fileOwner" as it cannot be set by an unprivileged rsyslogd
      + d/tomcat9.postinst: adjust ownership of catalina.out so that rsyslogd can write to it. Also change the rotated log files for consistency.

 -- Andreas Hasenack <email address hidden>  Thu, 22 Dec 2022 15:00:21 -0300
Available diffs
- diff from 9.0.65-1ubuntu1 to 9.0.70-1ubuntu1 (229.3 KiB)
tomcat9 (9.0.31-1ubuntu0.4) focal; urgency=medium

  * d/p/lp1903851-multipart-upload-over-https.patch: apply revert from 9.0.32 to fix multi-part upload over HTTPS (LP: #1903851)

 -- Tom Moyer <email address hidden>  Fri, 18 Nov 2022 19:07:15 +0000
Superseded in lunar-release |
Obsolete in kinetic-release |
Deleted in kinetic-proposed (Reason: Moved to kinetic) |
tomcat9 (9.0.65-1ubuntu1) kinetic; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - Fix logging for unprivileged rsyslogd (LP #1964881):
      + d/logrotate.template: use syslog:adm for log rotation so that rsyslog can write to the file
      + d/rsyslog/tomcat9.conf: drop "fileOwner" as it cannot be set by an unprivileged rsyslogd
      + d/tomcat9.postinst: adjust ownership of catalina.out so that rsyslogd can write to it. Also change the rotated log files for consistency.

 -- Andreas Hasenack <email address hidden>  Mon, 15 Aug 2022 09:06:28 -0300
Available diffs
- diff from 9.0.64-2ubuntu1 to 9.0.65-1ubuntu1 (34.4 KiB)
tomcat9 (9.0.31-1ubuntu0.3) focal; urgency=medium

  * Fix logging for unprivileged rsyslogd (LP: #1964881):
    - d/logrotate.template: use syslog:adm for log rotation so that rsyslog can write to the file
    - d/tomcat9.postinst: adjust ownership of catalina.out so that rsyslogd can write to it. Also change the rotated log files for consistency.
    - d/tomcat9.tmpfile: /var/log/tomcat9 should be 02770 now

 -- Andreas Hasenack <email address hidden>  Wed, 20 Jul 2022 15:09:00 -0300
tomcat9 (9.0.58-1ubuntu0.1) jammy; urgency=medium

  * Fix logging for unprivileged rsyslogd (LP: #1964881):
    - d/logrotate.template: use syslog:adm for log rotation so that rsyslog can write to the file
    - d/rsyslog/tomcat9.conf: drop "fileOwner" as it cannot be set by an unprivileged rsyslogd
    - d/tomcat9.postinst: adjust ownership of catalina.out so that rsyslogd can write to it. Also change the rotated log files for consistency.

 -- Andreas Hasenack <email address hidden>  Wed, 20 Jul 2022 16:05:45 -0300
tomcat9 (9.0.64-2ubuntu1) kinetic; urgency=medium

  * Fix logging for unprivileged rsyslogd (LP: #1964881):
    - d/logrotate.template: use syslog:adm for log rotation so that rsyslog can write to the file
    - d/rsyslog/tomcat9.conf: drop "fileOwner" as it cannot be set by an unprivileged rsyslogd
    - d/tomcat9.postinst: adjust ownership of catalina.out so that rsyslogd can write to it. Also change the rotated log files for consistency.

 -- Andreas Hasenack <email address hidden>  Thu, 23 Jun 2022 18:02:52 -0300
tomcat9 (9.0.64-2) unstable; urgency=medium

  * Fallback to the default log formatter when systemd isn't used
  * Depend on systemd-sysusers and systemd-tmpfiles instead of systemd
  * Depend on libeclipse-jdt-core-java (>= 3.26.0)

 -- Emmanuel Bourg <email address hidden>  Tue, 21 Jun 2022 14:59:03 +0200
Available diffs
- diff from 9.0.64-1 to 9.0.64-2 (1.4 KiB)
tomcat9 (9.0.64-1) unstable; urgency=medium

  * New upstream release
    - Refreshed the patches
  * Standards-Version updated to 4.6.1

 -- Emmanuel Bourg <email address hidden>  Mon, 20 Jun 2022 15:17:59 +0200
Available diffs
- diff from 9.0.63-1 to 9.0.64-1 (38.4 KiB)
tomcat9 (9.0.63-1) unstable; urgency=medium

  * Team upload.
  * New upstream version 9.0.63.
    - Fix CVE-2022-29885: Improve documentation for the EncryptInterceptor and do not claim it protects against all risks associated with running over any untrusted network.

 -- Markus Koschany <email address hidden>  Fri, 13 May 2022 14:04:35 +0200
Available diffs
- diff from 9.0.62-1 to 9.0.63-1 (60.1 KiB)
tomcat9 (9.0.62-1) unstable; urgency=medium

  * Team upload.
  * New upstream version 9.0.62.
  * Drop 0027-java11-compilation.patch because it is apparently no longer required.
  * Refresh disable-jacoco.patch for new release.
  * Depend on java11-runtime-headless because Java 8 is no longer supported. Thanks to Per Lundberg for the report. (Closes: #1006647)

 -- Markus Koschany <email address hidden>  Fri, 29 Apr 2022 23:10:59 +0200
Available diffs
- diff from 9.0.58-1 to 9.0.62-1 (141.3 KiB)
tomcat9 (9.0.16-3ubuntu0.18.04.2) bionic-security; urgency=medium

  * SECURITY UPDATE: TLS Denial of Service
    - debian/patches/CVE-2021-41079.patch: Apache Tomcat did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service.
    - CVE-2021-41079
  * SECURITY UPDATE: Authentication Vulnerability
    - debian/patches/CVE-2021-30640.patch: A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm.
    - CVE-2021-30640
  * SECURITY UPDATE: Request Smuggling
    - debian/patches/CVE-2021-33037.patch: Apache Tomcat did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically:
      - Tomcat incorrectly ignored the transfer encoding header if the client declared it would only accept an HTTP/1.0 response;
      - Tomcat honoured the identity encoding; and
      - Tomcat did not ensure that, if present, the chunked encoding was the final encoding.
    - CVE-2021-33037
  * SECURITY UPDATE: remote code execution via session persistence
    - debian/patches/CVE-2021-25329.patch: The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue.
    - CVE-2021-25329
  * SECURITY UPDATE: Request Header Duplication
    - debian/patches/CVE-2021-25122.patch: When responding to new h2c connection requests, Apache Tomcat could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request.
    - CVE-2021-25122
  * SECURITY UPDATE: HTTP/2 request header mix-up
    - debian/patches/CVE-2020-17527.patch: HTTP/2 It was discovered that Apache Tomcat could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests.
    - CVE-2020-17527
  * SECURITY UPDATE: HTTP/2 request mix-up
    - debian/patches/CVE-2020-13943.patch: If an HTTP/2 client exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources.
    - CVE-2020-13943

 -- Paulo Flabiano Smorigo <email address hidden>  Tue, 29 Mar 2022 15:05:11 +0000
tomcat9 (9.0.31-1ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: TLS Denial of Service
    - debian/patches/CVE-2021-41079.patch: Apache Tomcat did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service.
    - CVE-2021-41079
  * SECURITY UPDATE: Authentication Vulnerability
    - debian/patches/CVE-2021-30640.patch: A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm.
    - CVE-2021-30640
  * SECURITY UPDATE: Request Smuggling
    - debian/patches/CVE-2021-33037.patch: Apache Tomcat did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically:
      - Tomcat incorrectly ignored the transfer encoding header if the client declared it would only accept an HTTP/1.0 response;
      - Tomcat honoured the identity encoding; and
      - Tomcat did not ensure that, if present, the chunked encoding was the final encoding.
    - CVE-2021-33037
  * SECURITY UPDATE: remote code execution via session persistence
    - debian/patches/CVE-2021-25329.patch: The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue.
    - CVE-2021-25329
  * SECURITY UPDATE: Request Header Duplication
    - debian/patches/CVE-2021-25122.patch: When responding to new h2c connection requests, Apache Tomcat could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request.
    - CVE-2021-25122
  * SECURITY UPDATE: HTTP/2 request header mix-up
    - debian/patches/CVE-2020-17527.patch: HTTP/2 It was discovered that Apache Tomcat could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests.
    - CVE-2020-17527
  * SECURITY UPDATE: HTTP/2 request mix-up
    - debian/patches/CVE-2020-13943.patch: If an HTTP/2 client exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources.
    - CVE-2020-13943

 -- Evren Yurtesen <email address hidden>  Wed, 16 Mar 2022 20:51:24 +0200
Superseded in kinetic-release |
Published in jammy-release |
Deleted in jammy-proposed (Reason: Moved to jammy) |
tomcat9 (9.0.58-1) unstable; urgency=medium

  * Team upload.
  * New upstream version 9.0.58.
  * Add disable-jacoco.patch and remove the dependency on jacoco when running the test suite.

 -- Markus Koschany <email address hidden>  Wed, 09 Feb 2022 15:51:20 +0100
Available diffs
- diff from 9.0.55-1 to 9.0.58-1 (182.7 KiB)
tomcat9 (9.0.55-1) unstable; urgency=medium

  * Team upload.
  * New upstream version 9.0.55.

 -- Markus Koschany <email address hidden>  Mon, 15 Nov 2021 22:12:42 +0100
Available diffs
- diff from 9.0.54-1 to 9.0.55-1 (46.8 KiB)
tomcat9 (9.0.54-1) unstable; urgency=medium

  * Team upload.
  * New upstream version 9.0.54.
    - Fix CVE-2021-42340: The fix for bug 63362 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.
  * Update 0010-debianize-build-xml.patch and depend on the setup-bnd task to prevent a FTBFS when building the tests. This replaces the workaround by setting addOSGi to false. Thanks to Aurimas Fišeras for the report.

 -- Markus Koschany <email address hidden>  Fri, 22 Oct 2021 21:59:08 +0200
Available diffs
- diff from 9.0.43-3 to 9.0.54-1 (744.7 KiB)
- diff from 9.0.53-1 to 9.0.54-1 (42.3 KiB)
tomcat9 (9.0.53-1) unstable; urgency=medium

  * Team upload.
  * New upstream version 9.0.53.
    - Drop security patches. Fixed upstream.
    - Fix CVE-2021-41079: Apache Tomcat did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service.
  * Declare compliance with Debian Policy 4.6.0.
  * Set the fileOwner of catalina.out to tomcat explicitly. Thanks to Adam Cecile for the report. (Closes: #987179)
  * Refresh 0021-dont-test-unsupported-ciphers.patch
  * tomcat9.cron.daily: Set maxdepth to 1 so that log files of custom applications in subdirectories of /var/log/tomcat9 are not compressed. Thanks to Ludovic Pouzenc for the report. (Closes: #982961)
  * Exclude TestJNDIRealmIntegration because of missing dependencies.
  * d/rules: dh_auto_test override: Set addOSGi to false when building the tests to prevent a FTBFS.

 -- Markus Koschany <email address hidden>  Fri, 24 Sep 2021 15:37:51 +0200
Superseded in jammy-release |
Obsolete in impish-release |
Deleted in impish-proposed (Reason: Moved to impish) |
tomcat9 (9.0.43-3) unstable; urgency=medium

  * Team upload.
  * CVE-2021-30640: Fix NullPointerException. If no userRoleAttribute is specified in the user's Realm configuration its default value will be null. This will cause a NPE in the methods doFilterEscaping and doAttributeValueEscaping. This is upstream bug https://bz.apache.org/bugzilla/show_bug.cgi?id=65308

 -- Markus Koschany <email address hidden>  Tue, 10 Aug 2021 17:17:56 +0200
Available diffs
- diff from 9.0.43-2 to 9.0.43-3 (1.1 KiB)
tomcat9 (9.0.43-2) unstable; urgency=medium

  * Team upload.

  [ mirabilos ]
  * fix /var/log/tomcat9 permissions fixup for commit 51128fe9fb2d4d0b56be675d845cf92e4301a6c3

  [ Markus Koschany ]
  * Fix CVE-2021-30640: A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm.
  * Fix CVE-2021-33037: Apache Tomcat did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically:
    - Tomcat incorrectly ignored the transfer encoding header if the client declared it would only accept an HTTP/1.0 response;
    - Tomcat honoured the identity encoding; and
    - Tomcat did not ensure that, if present, the chunked encoding was the final encoding.
    (Closes: #991046)

 -- Markus Koschany <email address hidden>  Sat, 07 Aug 2021 00:11:43 +0200
Available diffs
- diff from 9.0.43-1 to 9.0.43-2 (6.8 KiB)
Superseded in impish-release |
Obsolete in hirsute-release |
Deleted in hirsute-proposed (Reason: moved to Release) |
tomcat9 (9.0.43-1) unstable; urgency=medium

  * New upstream release
    - Refreshed the patches
  * Rotate the catalina.out log file with the tomcat user (Closes: #971583)
  * Switch to debhelper level 13

 -- Emmanuel Bourg <email address hidden>  Tue, 02 Feb 2021 20:23:51 +0100
Available diffs
- diff from 9.0.41-1 to 9.0.43-1 (157.4 KiB)
tomcat9 (9.0.41-1) unstable; urgency=medium

  * New upstream release
    - Refreshed the patches
  * Standards-Version updated to 4.5.1

 -- Emmanuel Bourg <email address hidden>  Wed, 09 Dec 2020 16:03:00 +0100
Available diffs
- diff from 9.0.40-1 to 9.0.41-1 (19.3 KiB)
tomcat9 (9.0.40-1) unstable; urgency=medium

  [ Emmanuel Bourg ]
  * New upstream release
    - Refreshed the patches
  * Changed the home directory of the tomcat user to /var/lib/tomcat (Closes: #926338)

  [ Vincent McIntyre ]
  * Automatically export the JAVA_HOME environment variable when the value is defined in /etc/defaults/tomcat9 (Closes: #966338)

 -- Emmanuel Bourg <email address hidden>  Tue, 24 Nov 2020 08:21:29 +0100
Available diffs
- diff from 9.0.39-1 to 9.0.40-1 (110.2 KiB)
tomcat9 (9.0.31-1ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: HTTP/2 Denial of Service
    - debian/patches/CVE-2020-13934.patch: ensure that the HTTP/1.1 processor is correctly recycled when a direct connection to h2c is made
    - CVE-2020-13934
  * SECURITY UPDATE: WebSocket Denial of Service
    - debian/patches/CVE-2020-13935.patch: add additional validation of payload length for WebSocket messages
    - CVE-2020-13935
  * SECURITY UPDATE: HTTP/2 Denial of Service
    - debian/patches/CVE-2020-11996.patch: improve performance of closing idle HTTP/2 streams
    - CVE-2020-11996
  * SECURITY UPDATE: remote code execution via session persistence
    - debian/patches/CVE-2020-9484.patch: improve validation of storage location when using FileStore
    - CVE-2020-9484

 -- Emilia Torino <email address hidden>  Tue, 20 Oct 2020 09:27:39 -0300
tomcat9 (9.0.39-1) unstable; urgency=medium

  * New upstream release
    - Refreshed the patches
  * tomcat9-user now depends on netcat-openbsd instead of netcat (Closes: #966158)

 -- Emmanuel Bourg <email address hidden>  Mon, 12 Oct 2020 17:16:57 +0200
Available diffs
- diff from 9.0.37-3 to 9.0.39-1 (339.9 KiB)
Superseded in hirsute-release |
Obsolete in groovy-release |
Deleted in groovy-proposed (Reason: moved to Release) |
tomcat9 (9.0.37-3) unstable; urgency=medium

  * control: Bump build-dep on bnd, drop bnd compat and re-export patches. (Closes: #964433)

 -- Timo Aaltonen <email address hidden>  Thu, 06 Aug 2020 18:59:11 +0300
Available diffs
- diff from 9.0.36-1 to 9.0.37-3 (53.6 KiB)
- diff from 9.0.37-2 to 9.0.37-3 (1.4 KiB)
tomcat9 (9.0.37-2) unstable; urgency=medium

  * d/p/0029-fix-regression-in-bz64540.patch: Re-export util.net.jsse and util.modeler.modules. (Closes: #964433)

 -- Timo Aaltonen <email address hidden>  Tue, 28 Jul 2020 14:09:13 +0300
Available diffs
- diff from 9.0.37-1 to 9.0.37-2 (892 bytes)
tomcat9 (9.0.37-1) unstable; urgency=medium

  * New upstream release
    - Refreshed the patches
    - Fixed the compatibility with the version of bnd in Debian
  * Restored execute permission on /var/log/tomcat9 to the adm group

 -- Emmanuel Bourg <email address hidden>  Mon, 06 Jul 2020 22:39:32 +0200
Available diffs
- diff from 9.0.36-1 to 9.0.37-1 (53.7 KiB)
tomcat9 (9.0.36-1) unstable; urgency=medium

  * New upstream release
    - Refreshed the patches
  * Grant write access on /var/log/tomcat9 to the adm group (LP: #1861881)

 -- Emmanuel Bourg <email address hidden>  Tue, 23 Jun 2020 11:47:47 +0200
Available diffs
- diff from 9.0.35-1 to 9.0.36-1 (39.4 KiB)
tomcat9 (9.0.35-1) unstable; urgency=medium

  * New upstream release
    - Fixes CVE-2020-9484: Remote Code Execution via session persistence (Closes: #961209)
    - Refreshed the patches

 -- Emmanuel Bourg <email address hidden>  Thu, 21 May 2020 15:50:03 +0200
Available diffs
- diff from 9.0.34-1 to 9.0.35-1 (254.8 KiB)
tomcat9 (9.0.34-1) unstable; urgency=medium

  * New upstream release
    - Refreshed the patches
  * Depend on libeclipse-jdt-core-java (>= 3.18.0)
  * Switch to debhelper level 12

 -- Emmanuel Bourg <email address hidden>  Mon, 27 Apr 2020 00:36:59 +0200
Available diffs
- diff from 9.0.31-1 to 9.0.34-1 (156.2 KiB)
Superseded in groovy-release |
Published in focal-release |
Deleted in focal-proposed (Reason: moved to Release) |
tomcat9 (9.0.31-1) unstable; urgency=medium

  * New upstream release
    - Fixes CVE-2019-10072: Denial of Service (Closes: #930872)
    - Fixes CVE-2019-12418: Local Privilege Escalation
    - Fixes CVE-2019-17563: Session fixation attack
    - Fixes CVE-2019-17569: HTTP Request Smuggling
    - Fixes CVE-2020-1935: HTTP Request Smuggling
    - Fixes CVE-2020-1938: AJP Request Injection (Closes: #952437)
    - Fixes CATALINA_PID handling in catalina.sh (Closes: #948553)
    - Refreshed the patches
    - Fixed the compilation with Java 11
  * Moved the RequiresMountsFor directive in the service file to the Unit section (Closes: #942316)
  * Tightened the dependency on systemd (Closes: #931997)
  * Standards-Version updated to 4.5.0

 -- Emmanuel Bourg <email address hidden>  Mon, 24 Feb 2020 23:37:00 +0100
Available diffs
- diff from 9.0.27-1 to 9.0.31-1 (215.1 KiB)
tomcat9 (9.0.27-1) unstable; urgency=medium

  * New upstream release
    - Refreshed the patches
  * Standards-Version updated to 4.4.1

 -- Emmanuel Bourg <email address hidden>  Mon, 14 Oct 2019 11:31:50 +0200
Available diffs
- diff from 9.0.24-1 to 9.0.27-1 (181.1 KiB)
tomcat9 (9.0.16-3ubuntu0.19.04.1) disco-security; urgency=medium

  * SECURITY UPDATE: XSS attack on SSI printenv command
    - debian/patches/CVE-2019-0221.patch: escape debug output to aid readability
    - CVE-2019-0221
  * SECURITY UPDATE: DoS via thread exhaustion
    - debian/patches/CVE-2019-10072-1.patch: expand HTTP/2 timeout handling to connection window exhaustion on write.
    - debian/patches/CVE-2019-10072-2.patch: Fix test failures. Handle full allocation case.
    - CVE-2019-10072

 -- Emilia Torino <email address hidden>  Wed, 11 Sep 2019 14:56:27 -0300
tomcat9 (9.0.16-3ubuntu0.18.04.1) bionic-security; urgency=medium

  * SECURITY UPDATE: XSS attack on SSI printenv command
    - debian/patches/CVE-2019-0221.patch: escape debug output to aid readability
    - CVE-2019-0221
  * SECURITY UPDATE: DoS via thread exhaustion
    - debian/patches/CVE-2019-10072-1.patch: expand HTTP/2 timeout handling to connection window exhaustion on write.
    - debian/patches/CVE-2019-10072-2.patch: Fix test failures. Handle full allocation case.
    - CVE-2019-10072

 -- Emilia Torino <email address hidden>  Wed, 11 Sep 2019 16:47:51 -0300
Superseded in focal-release |
Obsolete in eoan-release |
Deleted in eoan-proposed (Reason: moved to release) |
tomcat9 (9.0.24-1) unstable; urgency=medium

  * New upstream release
    - Refreshed the patches

 -- Emmanuel Bourg <email address hidden>  Thu, 22 Aug 2019 13:55:14 +0200
Available diffs
- diff from 9.0.22-1 to 9.0.24-1 (118.7 KiB)
tomcat9 (9.0.22-1) unstable; urgency=medium

  * New upstream release
    - Refreshed the patches
  * Track and download the new releases from GitHub
  * Standards-Version updated to 4.4.0

 -- Emmanuel Bourg <email address hidden>  Fri, 12 Jul 2019 15:01:28 +0200
Available diffs
- diff from 9.0.16-4 to 9.0.22-1 (317.2 KiB)
tomcat9 (9.0.16-4) unstable; urgency=medium

  * Team upload.

  [ Emmanuel Bourg ]
  * Fixed CVE-2019-0221: The SSI printenv command echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default (Closes: #929895)

  [ Thorsten Glaser ]
  * Remove -XX:+UseG1GC from standard JAVA_OPTS; the JRE chooses a suitable GC automatically anyway (Closes: #925928)
  * Correct the ownership and permissions on the log directory: group adm and setgid (Closes: #925929)
  * Make the startup script honour the (renamed) $SECURITY_MANAGER
  * debian/libexec/tomcat-locate-java.sh: Remove shebang and make not executable as this is only ever sourced (makes no sense otherwise)

  [ Christian Hänsel ]
  * Restored the variable expansion in /etc/default/tomcat9 (Closes: #926319)

 -- Emmanuel Bourg <email address hidden>  Thu, 13 Jun 2019 23:26:12 +0200
Available diffs
- diff from 9.0.16-3 to 9.0.16-4 (2.3 KiB)
Obsolete in cosmic-updates |
Obsolete in cosmic-security |
Deleted in cosmic-proposed (Reason: moved to -updates) |
tomcat9 (9.0.16-3~18.10) cosmic; urgency=medium

  * Backport for OpenJDK 11. LP: #1817567.
Superseded in bionic-updates |
Superseded in bionic-security |
Deleted in bionic-proposed (Reason: moved to -updates) |
tomcat9 (9.0.16-3~18.04.1) bionic; urgency=medium

  * Don't set nologin shell in sysusers.d/tomcat9.conf
    It is the default anyway and systemd-sysusers in 18.04 can't parse it.
    (LP: #1823125)
tomcat9 (9.0.16-3~18.04) bionic; urgency=medium

  * Backport for OpenJDK 11. LP: #1817567.
Superseded in eoan-release |
Obsolete in disco-release |
Deleted in disco-proposed (Reason: moved to release) |
tomcat9 (9.0.16-3) unstable; urgency=medium

  * Removed read/write access to /var/lib/solr (Closes: #923299)
  * Removed the broken catalina-ws.jar and catalina-jmx-remote.jar symlinks in /usr/share/tomcat9/lib/

 -- Emmanuel Bourg <email address hidden>  Tue, 26 Feb 2019 09:31:13 +0100
Available diffs
- diff from 9.0.16-2 to 9.0.16-3 (640 bytes)
tomcat9 (9.0.16-2) unstable; urgency=medium

  * Team upload.
  * tomcat9.service: Permit read and write access to /var/lib/solr too. (Closes: #919638)

 -- Markus Koschany <email address hidden>  Mon, 18 Feb 2019 20:58:51 +0100
Available diffs
- diff from 9.0.16-1 to 9.0.16-2 (473 bytes)
tomcat9 (9.0.16-1) unstable; urgency=medium

  * New upstream release
    - Refreshed the patches
    - Install the new Chinese, Czech, German, Korean and Portuguese translations
    - No longer build the extra WS and JMX jars
  * Standards-Version updated to 4.3.0

 -- Emmanuel Bourg <email address hidden>  Fri, 08 Feb 2019 08:26:48 +0100
Available diffs
- diff from 9.0.14-1 to 9.0.16-1 (470.9 KiB)
tomcat9 (9.0.14-1) unstable; urgency=medium

  * New upstream release
    - Refreshed the patches
  * Create the /var/log/tomcat9/ and /var/cache/tomcat9/ directories at install time (Closes: #915791)
  * Tightened the dependency on systemd

 -- Emmanuel Bourg <email address hidden>  Wed, 12 Dec 2018 13:45:52 +0100
Available diffs
- diff from 9.0.13-2 to 9.0.14-1 (441.7 KiB)
tomcat9 (9.0.13-2) unstable; urgency=medium

  * Install the tomcat-embed-* artifacts with the 9.x version (Closes: #915578)
  * Modified the dependencies required for creating the tomcat user (adduser is replaced by systemd) (Closes: #915586)
  * Fixed the tomcat-jasper pom to reference the ECJ dependency from libeclipse-jdt-core-java
  * Removed the redundant ReadWritePaths options in the service file for the log and cache directories (Thanks to Lennart Poettering for the suggestion)

 -- Emmanuel Bourg <email address hidden>  Wed, 05 Dec 2018 10:04:52 +0100
Available diffs
- diff from 9.0.13-1 to 9.0.13-2 (945 bytes)
tomcat9 (9.0.13-1) unstable; urgency=medium

  * New upstream release
    - Refreshed the patches
    - Renamed the package to tomcat9
    - Removed the libservlet3.1-java package. From now on the Servlet API is packaged in a separate package independent from Tomcat.
    - Depend on libeclipse-jdt-core-java (>= 3.14.0) instead of libecj-java
    - Updated the policy files in /etc/tomcat8/policy.d/
    - Use the OSGi metadata generated by the upstream build
    - Deploy the Tomcat artifacts in the Maven repository with the 9.x version
    - Updated the README file
  * Removed the SysV init script
  * Restart the server automatically on failures
  * Use a fixed non-configurable user 'tomcat' to run the server
  * Removed the debconf integration. The user being now unmodifiable, the remaining configuration parameter JAVA_OPTS can be edited in /etc/default/tomcat9
  * No longer add the 'common', 'server' and 'shared' directories under CATALINA_HOME and CATALINA_BASE to the classpath. Extra jar files should go to the 'lib' directory.
  * Let Tomcat handle the rotation of its log files with the maxDays parameter of the valves and log handlers instead of relying on a cron job
  * Renamed the TOMCAT_SECURITY parameter to SECURITY_MANAGER in the service configuration file
  * Simplified the postinst script by using systemd-sysusers to create the 'tomcat' user
  * No longer create the /etc/tomcat9/Catalina/localhost directory at install time and let Tomcat create it automatically
  * Let systemd automatically create /var/log/tomcat9 and /var/cache/tomcat9
  * Prevent Tomcat from writing outside of /var/log/tomcat9, /var/cache/tomcat9, /var/lib/tomcat9/webapps and /etc/tomcat9/Catalina by default. This can be overridden (see the README file).
  * Build and install the extra jar catalina-ws.jar
  * No longer recommend libcommons-pool-java and libcommons-dbcp-java since Tomcat already embeds its own version of these libraries
  * Support three-way merge when upgrading the configuration files
  * Use the G1 garbage collector by default instead of Concurrent Mark Sweep
  * The setenv.sh script in tomcat9-user and the service startup script now share the same JDK detection logic

 -- Emmanuel Bourg <email address hidden>  Wed, 28 Nov 2018 15:06:00 +0100