This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new abb7d43 Add CVE info
abb7d43 is described below
commit abb7d439a3b6ff166851e53a09931af589161465
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Mon Jan 6 11:16:38 2020 +0000
Add CVE info
---
webapps/docs/changelog.xml | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index d6d1cc2..47d4896 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -193,7 +193,7 @@
<fix>
Refactor FORM authentication to reduce duplicate code and to ensure
that
the authenticated Principal is not cached in the session when caching
is
- disabled. (markt)
+ disabled. This is the fix for CVE-2019-17563. (markt/kkolinko)
</fix>
</changelog>
</subsection>
@@ -375,7 +375,8 @@
year and may be removed as soon as the next 8.5.x release. (markt)
</fix>
<fix>
- Refactor JMX remote RMI registry creation. (remm)
+ Refactor JMX remote RMI registry creation. This is the fix for
+ CVE-2019-12418. (remm)
</fix>
</changelog>
</subsection>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
