Re: HTTP/2 DoS issues announced today - Impact for Apache Tomcat

On 13.08.2019 19:48, Mark Thomas wrote: Today Netflix has published a report highlighting various potential DoS attacks against HTTP/2 implementations [1]. No immediate action is required for Tomcat users since none of the described attacks result in a DoS with Apache Tomcat. The Tomcat

Signing WAR files

are for Tomcat 7.0.23 Suggestion for Patch: java/org/apache/catalina/loader/WebappClassLoader.java change if (jarEntry != null) { entry.certificates = jarEntry.getCertificates(); } to if (jarEntry != null