announce  

Messages by Thread

• [ANN] Apache Tomcat 9.0.117 available Rémy Maucherat
• [ANN] Apache Tomcat 10.1.54 Available Christopher Schultz
• [ANN] End Of Support for Tomcat Native 1.x Christopher Schultz
• [ANN] Apache Tomcat 10.1.53 Available Christopher Schultz
• [ANN] Apache Tomcat 9.0.116 available Rémy Maucherat
• [ANN] Apache Tomcat 11.0.20 Available Mark Thomas
• [ANN] Apache Tomcat Native 1.3.7 released Mark Thomas
• [ANN] Apache Tomcat Native 2.0.14 released Mark Thomas
• [SECURITY] CVE-2026-24733 Apache Tomcat - Security constraint bypass with HTTP/0.9 Mark Thomas
• [SECURITY] CVE-2026-24734 Apache Tomcat and Tomcat Native - OCSP revocation bypass Mark Thomas
• [SECURITY] CVE-2025-66614 Apache Tomcat - Client certificate verification bypass due to virtual host mapping Mark Thomas
• [ANN] End of support for Apache Tomcat Native 1.3.x Mark Thomas
• [ANN] Tomcat 9.0.x End of Support and Tomcat 9 long term support plan Mark Thomas
• [ANN] Apache Tomcat Native 1.3.6 released Mark Thomas
• [ANN] Apache Tomcat Native 2.0.13 released Mark Thomas
• [ANN] Apache Tomcat 11.0.18 Available Mark Thomas
• [ANN] Apache Tomcat 10.1.52 Available Christopher Schultz
• [ANN] Apache Tomcat 9.0.115 available Rémy Maucherat
• [ANN] Apache Tomcat Native 1.3.4 released Mark Thomas
• [ANN] Apache Tomcat Native 2.0.12 released Mark Thomas
• [ANN] Apache Tomcat 10.1.50 Available Christopher Schultz
• [ANN] Apache Tomcat 11.0.15 Available Mark Thomas
• [ANN] Apache Tomcat 9.0.113 available Rémy Maucherat
• [ANN] Apache Tomcat Migration tool for Jakarta EE 1.0.10 Mark Thomas
• [ANN] Apache Tomcat 10.1.49 Available Christopher Schultz
• [ANN] Apache Tomcat 9.0.112 available Rémy Maucherat
• [ANN] Apache Tomcat 11.0.14 Available Mark Thomas
• [SECURITY] CVE-2025-61795 Apache Tomcat - Delayed cleaning of multipart upload temporary files may lead to DoS Mark Thomas
• [SECURITY] CVE-2025-55752 Apache Tomcat - Directory traversal via rewrite with possible RCE if PUT is enabled Mark Thomas
• [SECURITY] CVE-2025-55754 Apache Tomcat - Console manipulation via escape sequences in log messages Mark Thomas
• [ANN] Apache Tomcat 9.0.110 available Rémy Maucherat
• [ANN] Apache Tomcat 11.0.12 Available Mark Thomas
• [ANN] Apache Tomcat 10.1.47 Available Christopher Schultz
• [ANN] Apache Tomcat 11.0.13 Available Mark Thomas
• [ANN] Apache Tomcat 10.1.48 Available Christopher Schultz
• [ANN] Apache Tomcat 9.0.111 available Rémy Maucherat
• [ANN] Apache Tomcat 10.1.46 Available Christopher Schultz
• [ANN] Apache Tomcat 10.1.45 Available (with IMPORTANT NOTE) Christopher Schultz
• [ANN] Apache Tomcat 11.0.11 Available Mark Thomas
• [ANN] Apache Tomcat 9.0.109 available Rémy Maucherat
• [SECURITY] CVE-2025-55668 Apache Tomcat - Session fixation via rewrite valve Mark Thomas
• [SECURITY] CVE-2025-48989 Apache Tomcat - DoS in HTP/2 - Made You Reset Mark Thomas
• [ANN] Apache Tomcat 10.1.44 Available Christopher Schultz
• [SECURITY] Upcoming updates to recent(ish)Tomcat CVEs Mark Thomas
• [ANN] Apache Tomcat 11.0.10 Available Mark Thomas
• [ANN] Apache Tomcat 9.0.108 available Rémy Maucherat
• [SECURITY] CVE-2025-52520 Apache Tomcat - DoS in multipart upload [CORRECTION] Christopher Schultz
• [SECURITY] CVE-2025-53506 Apache Tomcat - DoS in HTP/2 Mark Thomas
  • [SECURITY] CVE-2025-53506 Apache Tomcat - DoS in HTP/2 Mark Thomas
• [SECURITY] CVE-2025-52520 Apache Tomcat - DoS in multipart upload Mark Thomas
  • [SECURITY] CVE-2025-52520 Apache Tomcat - DoS in multipart upload Mark Thomas
• [SECURITY] CVE-2025-52434 Apache Tomcat -APR/native Connector crash leading to DoS Mark Thomas
• [ANN] Apache Tomcat 9.0.107 available Rémy Maucherat
• [ANN] Apache Tomcat 11.0.9 Available Mark Thomas
• [ANN] Apache Tomcat 10.1.43 Available Christopher Schultz
• [SECURITY] CVE-2025-49124 Apache Tomcat - Side-loading via Tomcat installer for Windows Mark Thomas
• [SECURITY] CVE-2025-49125 Apache Tomcat - Security constraint bypass for pre/post-resources Mark Thomas
• [SECURITY] CVE-2025-48988 Apache Tomcat - DoS in multipart upload Mark Thomas
• [SECURITY] CVE-2025-48976 Apache Tomcat - DoS in Commons FileUpload Mark Thomas
• [ANN] Apache Tomcat 11.0.8 Available Mark Thomas
• [ANN] Apache Tomcat 9.0.106 available Rémy Maucherat
• [ANN] Apache Tomcat 10.1.42 Available Christopher Schultz
• [SECURITY] CVE-2025-46701 Apache Tomcat - CGI security constraint bypass Mark Thomas
• [ANN] Apache Tomcat 9.0.105 available Rémy Maucherat
• [ANN] Apache Tomcat 10.1.41 Available Christopher Schultz
• [SECURITY] CVE-2025-31651 Apache Tomcat - Rewrite rule bypass Mark Thomas
• [SECURITY] CVE-2025-31650 Apache Tomcat - DoS via invalid HTTP prioritization header Mark Thomas
• [ANN] Apache Tomcat 9.0.104 available Rémy Maucherat
• [SECURITY] CVE-2025-24813 Potential RCE and/or information disclosure and/or information corruption with partial PUT Mark Thomas
• [ANN] Apache Tomcat 9.0.102 available Rémy Maucherat
• The future of Tomcat 9 Mark Thomas
• [ANN] Apache Tomcat 9.0.100 available Rémy Maucherat
• [ANN] Apache Tomcat 11.0.4 Available Mark Thomas
• [ANN] Apache Tomcat 11.0.3 Available Mark Thomas
• [ANN] Apache Tomcat 9.0.99 available Rémy Maucherat
• [ANN] Apache Tomcat Migration tool for Jakarta EE 1.0.9 Mark Thomas
• [SECURITY] CVE-2024-56337 Apache Tomcat - RCE via write-enabled default servlet - CVE-2024-50379 mitigation was incomplete Mark Thomas
• [SECURITY] CVE-2024-54677 Apache Tomcat - DoS in examples web application Mark Thomas
• [SECURITY] CVE-2024-50379 Apache Tomcat - RCE via write-enabled default servlet Mark Thomas
• [ANN] Apache Tomcat 9.0.98 available Rémy Maucherat
• [ANN] Apache Tomcat 11.0.2 Available Mark Thomas
• [SECURITY] CVE-2024-52316 Apache Tomcat - Authentication Bypass Mark Thomas
• [SECURITY] CVE-2024-52318 Apache Tomcat - XSS in generated JSPs Mark Thomas
• [SECURITY] CVE-2024-52317 Apache Tomcat - Request and/or response mix-up Mark Thomas
  • [SECURITY] CVE-2024-52317 Apache Tomcat - Request and/or response mix-up Mark Thomas
• [ANN] Apache Tomcat 10.1.33 Available Christopher Schultz
• [ANN] Apache Tomcat 9.0.97 available Rémy Maucherat
• [ANN] Apache Tomcat 11.0.0 Available Mark Thomas
• [ANN] Apache Tomcat 9.0.96 available Rémy Maucherat
• [SECURITY] CVE-2024-38286 Apache Tomcat - Denial of Service Mark Thomas
• [SECURITY] CVE-2024-46544 Apache mod_jk - Information Disclosure / Denial of Service Mark Thomas
• [ANN] Apache Tomcat 9.0.95 available Rémy Maucherat
• [ANN] Apache Tomcat 10.1.30 Available Christopher Schultz
• [ANN] Apache Tomcat 11.0.0-M26 (beta) available Mark Thomas
• [ANN] Apache Tomcat: HTTP/2 regression in 11.0.0-M25, 10.1.29, 9.0.94 Mark Thomas
• [ANN] Apache Tomcat 10.1.29 Available Christopher Schultz
• [ANN] Apache Tomcat 9.0.94 available Rémy Maucherat
• [ANN] Apache Tomcat 11.0.0-M25 (beta) available Mark Thomas
• [ANN] Apache Tomcat Connectors 1.2.50 released Mark Thomas
• [ANN] Apache Tomcat 10.1.28 Available Christopher Schultz
• [ANN] Apache Tomcat 11.0.0-M24 (beta) available Mark Thomas
• [ANN] Apache Tomcat 9.0.93 available Rémy Maucherat
• [ANN] Apache Tomcat Native 1.3.1 released Mark Thomas
• [ANN] Apache Tomcat Native 2.0.8 released Mark Thomas
• [ANN] Apache Tomcat 10.1.26 Available Christopher Schultz
• [ANN] Apache Tomcat 9.0.91 available Rémy Maucherat
• [ANN] Apache Tomcat 11.0.0-M22 (beta) available Mark Thomas
• [SECURITY] CVE-2024-34750 Apache Tomcat - Denial of Service Mark Thomas
• [ANN] Apache Tomcat 10.1.25 Available Christopher Schultz
• [ANN] Apache Tomcat 9.0.90 available Rémy Maucherat
• [ANN] Apache Tomcat 11.0.0-M21 (beta) available Mark Thomas
• [ANN] Apache Tomcat 10.1.24 Available Christopher Schultz
• [ANN] Apache Tomcat 11.0.0-M20 (alpha) available Mark Thomas
• [ANN] Apache Tomcat 9.0.89 available Rémy Maucherat
• [ANN] Apache Tomcat 9.0.88 available Rémy Maucherat
• [ANN] Apache Tomcat 11.0.0-M19 (alpha) available Rémy Maucherat
• [ANN] Apache Tomcat 10.1.20 Available Christopher Schultz
• [ANN] Apache Tomcat 8.5.100 Available Christopher Schultz
• [ANN] Apache Tomcat 9.0.87 available Rémy Maucherat
• [ANN] Apache Tomcat 11.0.0-M18 (alpha) available Mark Thomas
• [SECURITY] CVE-2024-23672 Apache Tomcat - Denial of Service Mark Thomas
• [SECURITY] CVE-2024-24549 Apache Tomcat - Denial of Service Mark Thomas
• [ANN] Apache Tomcat 8.5.99 Available Christopher Schultz
• [ANN] Apache Tomcat 9.0.86 available Rémy Maucherat
• [ANN] Apache Tomcat Native 1.3.0 released Mark Thomas
• [ANN] Apache Tomcat Native 2.0.7 released Mark Thomas
• [SECURITY] CVE-2024-21733 Apache Tomcat - Information Disclosure Mark Thomas
  • Re: [SECURITY] CVE-2024-21733 Apache Tomcat - Information Disclosure Mark Thomas
• [ANN] Apache Tomcat 9.0.85 available Rémy Maucherat
• [ANN] Apache Tomcat 11.0.0-M16 (alpha) available Mark Thomas
• Apache Tomcat 8.5.98 Available Christopher Schultz
• Apache Tomcat 10.1.18 Available Christopher Schultz
• [ANN] Apache Tomcat 9.0.84 available Rémy Maucherat
• [ANN] Apache Tomcat 11.0.0-M15 (alpha) available Mark Thomas
• [ANN] Apache Tomcat 8.5.97 available Christopher Schultz
• Apache Tomcat 10.1.17 Available Christopher Schultz
• [SECURITY] CVE-2023-46589 Apache Tomcat - Request Smuggling Mark Thomas
• [ANN] Apache Tomcat 11.0.0-M14 (alpha) available Mark Thomas
• [ANN] Apache Tomcat 9.0.83 available Rémy Maucherat
• [ANN] Apache Tomcat 10.1.16 available Christopher Schultz
• [ANN] Apache Tomcat 8.5.96 available Christopher Schultz
• [ANN] Apache Tomcat 8.5.95 available Christopher Schultz
• [ANN] Apache Tomcat 10.1.15 available Christopher Schultz
• [ANN] Apache Tomcat 11.0.0-M13 (alpha) available Mark Thomas
• [ANN] Apache Tomcat 9.0.82 available Rémy Maucherat
• [SECURITY] CVE-2023-45648 Apache Tomcat - Request Smuggling Mark Thomas
• [SECURITY] CVE-2023-44487 Apache Tomcat - HTTP/2 DoS Mark Thomas
• [SECURITY] CVE-2023-42795 Apache Tomcat - information disclosure Mark Thomas
• [SECURITY] CVE-2023-42794 Apache Tomcat - denial of service Mark Thomas
• [ANN] Apache Tomcat 9.0.81 available Rémy Maucherat
• [ANN] Apache Tomcat 10.1.14 available Christopher Schultz
• [ANN] Apache Tomcat 11.0.0-M12 (alpha) available Mark Thomas
• [ANN] Apache Tomcat 8.5.94 available Christopher Schultz
• [ANN] Apache Tomcat Native 1.2.39 released Mark Thomas
• [ANN] Apache Tomcat Native 2.0.6 released Mark Thomas
• [SECURITY] [CORRECTION] CVE-2023-41081 Apache Tomcat Connectors (mod_jk) Authentication Bypass Christopher Schultz
• [SECURITY] CVE-2023-41081 Apache Tomcat Connectors (mod_jk) Information Disclosure Mark Thomas
• [ANN] Apache Tomcat Connectors 1.2.49 released Mark Thomas
• [ANN] Apache Tomcat 8.5.93 available Mark Thomas
• [SECURITY] CVE-2023-41080 Apache Tomcat - open redirect Mark Thomas
• [ANN] Apache Tomcat 9.0.80 available Mark Thomas
• [ANN] Apache Tomcat 10.1.13 available Mark Thomas
• [ANN] Apache Tomcat 11.0.0-M11 (alpha) available Mark Thomas
• [ANN] Apache Tomcat 9.0.79 available Rémy Maucherat
• [ANN] Apache Tomcat 8.5.92 available Mark Thomas
• [ANN] Apache Tomcat 10.1.12 available Mark Thomas
• [ANN] Apache Tomcat 11.0.0-M10 (alpha) available Mark Thomas
• [ANN] Apache Tomcat 11.0.0-M9 (alpha) available Mark Thomas
• [ANN] Apache Tomcat 8.5.91 available Christopher Schultz
• [ANN] Apache Tomcat 10.1.11 available Christopher Schultz
• [ANN] Apache Tomcat 9.0.78 available Rémy Maucherat
• [SECURITY] CVE-2023-34981 Apache Tomcat - Information disclosure Mark Thomas
• [ANN] Apache Tomcat 10.1.10 available Christopher Schultz
• [ANN] Apache Tomcat 8.5.90 available Christopher Schultz
• [ANN] Apache Tomcat 9.0.76 available Rémy Maucherat
• [ANN] Apache Tomcat 11.0.0-M7 (alpha) available Mark Thomas
• [ANN] Apache Tomcat Native 1.2.37 released Mark Thomas
• [ANN] Apache Tomcat Native 2.0.4 released Mark Thomas
• [SECURITY] CVE-2023-28709 Apache Tomcat - Fix for CVE-2023-24998 was incomplete Mark Thomas
• [ANN] Apache Tomcat 8.5.89 available Christopher Schultz
• [ANN] Apache Tomcat 9.0.75 available Rémy Maucherat
• [ANN] Apache Tomcat 11.0.0-M6 (alpha) available Mark Thomas
• [ANN] Apache Tomcat 10.1.8 available Christopher Schultz
• [ANN] Apache Tomcat 8.5.88 available Christopher Schultz
• [ANN] Apache Tomcat 11.0.0-M5 (alpha) available Mark Thomas
• [ANN] Apache Tomcat 9.0.74 available Rémy Maucherat
• [SECURITY] CVE-2023-28708 Apache Tomcat - Information Disclosure Mark Thomas
• [ANN] Apache Tomcat 11.0.0-M4 (alpha) available Mark Thomas
• [ANN] Apache Tomcat 10.1.7 available Christopher Schultz
• [ANN] Apache Tomcat 8.5.87 available Christopher Schultz
• [ANN] Apache Tomcat 9.0.73 available Rémy Maucherat
• [ANN] Apache Tomcat 10.1.6 available Christopher Schultz
• [ANN] Apache Tomcat 8.5.86 available Christopher Schultz
• [ANN] Apache Tomcat 11.0.0-M3 (alpha) available Mark Thomas
• [ANN] Apache Tomcat 9.0.72 available Rémy Maucherat
• [SECURITY] CVE-2023-24998 Apache Tomcat - FileUpload DoS with excessive parts Mark Thomas
  • [SECURITY] CVE-2023-24998 Apache Tomcat - FileUpload DoS with excessive parts Mark Thomas
• [ANN] Apache Tomcat Native 2.0.3 released Mark Thomas
• [ANN] Apache Tomcat Native 1.2.36 released Mark Thomas
• [ANN] Apache Tomcat 10.1.5 available Mark Thomas

• Earlier messages