Author: markt
Date: Wed Oct 29 10:14:57 2025
New Revision: 1929401
Log:
8.5.x has been EOL for a while. Update security pages.
Modified:
tomcat/site/trunk/docs/security-3.html
tomcat/site/trunk/docs/security-4.html
tomcat/site/trunk/docs/security-5.html
tomcat/site/trunk/docs/security-6.html
tomcat/site/trunk/docs/security-7.html
tomcat/site/trunk/docs/security-8.html
tomcat/site/trunk/xdocs/security-3.xml
tomcat/site/trunk/xdocs/security-4.xml
tomcat/site/trunk/xdocs/security-5.xml
tomcat/site/trunk/xdocs/security-6.xml
tomcat/site/trunk/xdocs/security-7.xml
tomcat/site/trunk/xdocs/security-8.xml
Modified: tomcat/site/trunk/docs/security-3.html
==============================================================================
--- tomcat/site/trunk/docs/security-3.html Wed Oct 29 08:30:16 2025
(r1929400)
+++ tomcat/site/trunk/docs/security-3.html Wed Oct 29 10:14:57 2025
(r1929401)
@@ -10,7 +10,7 @@
<p><strong>Please note that Tomcat 3 is no longer supported. Further
vulnerabilities in the 3.x branches will not be fixed. Users should
upgrade
- to 8.5.x or later to obtain security fixes.</strong></p>
+ to 9.0.x or later to obtain security fixes.</strong></p>
<p>Please send comments or corrections for these vulnerabilities to the
<a href="security.html">Tomcat Security Team</a>.</p>
Modified: tomcat/site/trunk/docs/security-4.html
==============================================================================
--- tomcat/site/trunk/docs/security-4.html Wed Oct 29 08:30:16 2025
(r1929400)
+++ tomcat/site/trunk/docs/security-4.html Wed Oct 29 10:14:57 2025
(r1929401)
@@ -14,7 +14,7 @@
<p><strong>Please note that Tomcat 4.0.x and 4.1.x are no longer supported.
Further vulnerabilities in the 4.0.x and 4.1.x branches will not be
- fixed. Users should upgrade to 8.5.x or later to obtain security fixes.
+ fixed. Users should upgrade to 9.0.x or later to obtain security fixes.
</strong></p>
<p>Please send comments or corrections for these vulnerabilities to the
Modified: tomcat/site/trunk/docs/security-5.html
==============================================================================
--- tomcat/site/trunk/docs/security-5.html Wed Oct 29 08:30:16 2025
(r1929400)
+++ tomcat/site/trunk/docs/security-5.html Wed Oct 29 10:14:57 2025
(r1929401)
@@ -14,7 +14,7 @@
<p><strong>Please note that Tomcat 5.0.x and 5.5.x are no longer supported.
Further vulnerabilities in the 5.0.x and 5.5.x branches will not be
- fixed. Users should upgrade to 8.5.x or later to obtain security fixes.
+ fixed. Users should upgrade to 9.0.x or later to obtain security fixes.
Vulnerabilities fixed in Tomcat 5.5.26 onwards have not been assessed to
determine if they are present in the 5.0.x branch.</strong></p>
Modified: tomcat/site/trunk/docs/security-6.html
==============================================================================
--- tomcat/site/trunk/docs/security-6.html Wed Oct 29 08:30:16 2025
(r1929400)
+++ tomcat/site/trunk/docs/security-6.html Wed Oct 29 10:14:57 2025
(r1929401)
@@ -15,7 +15,7 @@
<p><strong>Please note that Tomcat 6.0.x has reached
<a href="tomcat-60-eol.html">end of life</a> and is no longer supported.
Further vulnerabilities in the 6.0.x branch will not be fixed. Users
- should upgrade to 8.5.x or later to obtain security fixes.</strong></p>
+ should upgrade to 9.0.x or later to obtain security fixes.</strong></p>
<p>Please note that binary patches are never provided. If you need to
apply a source code patch, use the building instructions for the
Modified: tomcat/site/trunk/docs/security-7.html
==============================================================================
--- tomcat/site/trunk/docs/security-7.html Wed Oct 29 08:30:16 2025
(r1929400)
+++ tomcat/site/trunk/docs/security-7.html Wed Oct 29 10:14:57 2025
(r1929401)
@@ -15,7 +15,7 @@
<p><strong>Please note that Tomcat 7.0.x has reached
<a href="tomcat-70-eol.html">end of life</a> and is no longer supported.
Further vulnerabilities in the 7.0.x branch will not be fixed. Users
- should upgrade to 8.5.x or later to obtain security fixes.</strong></p>
+ should upgrade to 9.0.x or later to obtain security fixes.</strong></p>
<p>Please note that binary patches are never provided. If you need to
apply a source code patch, use the building instructions for the
Modified: tomcat/site/trunk/docs/security-8.html
==============================================================================
--- tomcat/site/trunk/docs/security-8.html Wed Oct 29 08:30:16 2025
(r1929400)
+++ tomcat/site/trunk/docs/security-8.html Wed Oct 29 10:14:57 2025
(r1929401)
@@ -15,7 +15,13 @@
<p><strong>Please note that Tomcat 8.0.x has reached
<a href="tomcat-80-eol.html">end of life</a> and is no longer supported.
Vulnerabilities reported after June 2018 were not checked against the
- 8.0.x branch and will not be fixed. Users should upgrade to 8.5.x or
+ 8.0.x branch and will not be fixed. Users should upgrade to 9.0.x or
+ later to obtain security fixes.</strong></p>
+
+ <p><strong>Please note that Tomcat 8.5.x has reached
+ <a href="tomcat-85-eol.html">end of life</a> and is no longer supported.
+ Vulnerabilities reported after 31 March 2024 were not checked against
the
+ 8.5.x branch and will not be fixed. Users should upgrade to 9.0.x or
later to obtain security fixes.</strong></p>
<p>Please note that binary patches are never provided. If you need to
Modified: tomcat/site/trunk/xdocs/security-3.xml
==============================================================================
--- tomcat/site/trunk/xdocs/security-3.xml Wed Oct 29 08:30:16 2025
(r1929400)
+++ tomcat/site/trunk/xdocs/security-3.xml Wed Oct 29 10:14:57 2025
(r1929401)
@@ -19,7 +19,7 @@
<p><strong>Please note that Tomcat 3 is no longer supported. Further
vulnerabilities in the 3.x branches will not be fixed. Users should
upgrade
- to 8.5.x or later to obtain security fixes.</strong></p>
+ to 9.0.x or later to obtain security fixes.</strong></p>
<p>Please send comments or corrections for these vulnerabilities to the
<a href="security.html">Tomcat Security Team</a>.</p>
Modified: tomcat/site/trunk/xdocs/security-4.xml
==============================================================================
--- tomcat/site/trunk/xdocs/security-4.xml Wed Oct 29 08:30:16 2025
(r1929400)
+++ tomcat/site/trunk/xdocs/security-4.xml Wed Oct 29 10:14:57 2025
(r1929401)
@@ -23,7 +23,7 @@
<p><strong>Please note that Tomcat 4.0.x and 4.1.x are no longer supported.
Further vulnerabilities in the 4.0.x and 4.1.x branches will not be
- fixed. Users should upgrade to 8.5.x or later to obtain security fixes.
+ fixed. Users should upgrade to 9.0.x or later to obtain security fixes.
</strong></p>
<p>Please send comments or corrections for these vulnerabilities to the
Modified: tomcat/site/trunk/xdocs/security-5.xml
==============================================================================
--- tomcat/site/trunk/xdocs/security-5.xml Wed Oct 29 08:30:16 2025
(r1929400)
+++ tomcat/site/trunk/xdocs/security-5.xml Wed Oct 29 10:14:57 2025
(r1929401)
@@ -23,7 +23,7 @@
<p><strong>Please note that Tomcat 5.0.x and 5.5.x are no longer supported.
Further vulnerabilities in the 5.0.x and 5.5.x branches will not be
- fixed. Users should upgrade to 8.5.x or later to obtain security fixes.
+ fixed. Users should upgrade to 9.0.x or later to obtain security fixes.
Vulnerabilities fixed in Tomcat 5.5.26 onwards have not been assessed to
determine if they are present in the 5.0.x branch.</strong></p>
Modified: tomcat/site/trunk/xdocs/security-6.xml
==============================================================================
--- tomcat/site/trunk/xdocs/security-6.xml Wed Oct 29 08:30:16 2025
(r1929400)
+++ tomcat/site/trunk/xdocs/security-6.xml Wed Oct 29 10:14:57 2025
(r1929401)
@@ -24,7 +24,7 @@
<p><strong>Please note that Tomcat 6.0.x has reached
<a href="tomcat-60-eol.html">end of life</a> and is no longer supported.
Further vulnerabilities in the 6.0.x branch will not be fixed. Users
- should upgrade to 8.5.x or later to obtain security fixes.</strong></p>
+ should upgrade to 9.0.x or later to obtain security fixes.</strong></p>
<p>Please note that binary patches are never provided. If you need to
apply a source code patch, use the building instructions for the
Modified: tomcat/site/trunk/xdocs/security-7.xml
==============================================================================
--- tomcat/site/trunk/xdocs/security-7.xml Wed Oct 29 08:30:16 2025
(r1929400)
+++ tomcat/site/trunk/xdocs/security-7.xml Wed Oct 29 10:14:57 2025
(r1929401)
@@ -24,7 +24,7 @@
<p><strong>Please note that Tomcat 7.0.x has reached
<a href="tomcat-70-eol.html">end of life</a> and is no longer supported.
Further vulnerabilities in the 7.0.x branch will not be fixed. Users
- should upgrade to 8.5.x or later to obtain security fixes.</strong></p>
+ should upgrade to 9.0.x or later to obtain security fixes.</strong></p>
<p>Please note that binary patches are never provided. If you need to
apply a source code patch, use the building instructions for the
Modified: tomcat/site/trunk/xdocs/security-8.xml
==============================================================================
--- tomcat/site/trunk/xdocs/security-8.xml Wed Oct 29 08:30:16 2025
(r1929400)
+++ tomcat/site/trunk/xdocs/security-8.xml Wed Oct 29 10:14:57 2025
(r1929401)
@@ -24,7 +24,13 @@
<p><strong>Please note that Tomcat 8.0.x has reached
<a href="tomcat-80-eol.html">end of life</a> and is no longer supported.
Vulnerabilities reported after June 2018 were not checked against the
- 8.0.x branch and will not be fixed. Users should upgrade to 8.5.x or
+ 8.0.x branch and will not be fixed. Users should upgrade to 9.0.x or
+ later to obtain security fixes.</strong></p>
+
+ <p><strong>Please note that Tomcat 8.5.x has reached
+ <a href="tomcat-85-eol.html">end of life</a> and is no longer supported.
+ Vulnerabilities reported after 31 March 2024 were not checked against
the
+ 8.5.x branch and will not be fixed. Users should upgrade to 9.0.x or
later to obtain security fixes.</strong></p>
<p>Please note that binary patches are never provided. If you need to
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
