This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/7.0.x by this push:
new 7aaaf4b Add CVE info
7aaaf4b is described below
commit 7aaaf4b54eb72d506ef73e7dbb0cf27c4632a47b
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Mon Jan 6 11:17:10 2020 +0000
Add CVE info
---
webapps/docs/changelog.xml | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index db2a11d..6c2e7b3 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -132,7 +132,7 @@
<fix>
Refactor FORM authentication to reduce duplicate code and to ensure
that
the authenticated Principal is not cached in the session when caching
is
- disabled. (markt)
+ disabled. This is the fix for CVE-2019-17563. (markt/kkolinko)
</fix>
<update>
Do not store username and password as session notes during
@@ -231,7 +231,8 @@
<bug>63905</bug> Clean up Tomcat CSS. (michaelo)
</update>
<fix>
- Refactor JMX remote RMI registry creation. (remm)
+ Refactor JMX remote RMI registry creation. This is the fix for
+ CVE-2019-12418. (remm)
</fix>
</changelog>
</subsection>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
