Hassan,
On 7/17/25 1:04 PM, Jacobs, Hassan wrote:
I am reaching out in regards to multiple vulnerabilities that we have
found in our servers with you all. Is there a representative that we
could speak with?
You're speaking to the whole community. The ASF does not provide support
through any
If you haven't already, you should review:
https://tomcat.apache.org/security-9.html
Also consider migrating / upgrading to the most recent 9.0.x version.
On Thu, Jul 17, 2025 at 1:05 PM Jacobs, Hassan
wrote:
> Greetings,
>
>
>
> I am reaching out in regards to multiple vulnerabilities that we
Greetings,
I am reaching out in regards to multiple vulnerabilities that we have found in
our servers with you all. Is there a representative that we could speak with?
Very Respectfully,
Hassan Jacobs
SAP Analyst
EZGO
hat.
>
LOL, same.
>
> -chris
>
> > From: Christopher Schultz
> > Date: Monday, 14 July 2025 at 19:34
> > To: users@tomcat.apache.org
> > Subject: Re: RHEL 10 Compatibility for Apache Tomcat 8.x, 9.x, 10.x, and
> 11.x
> > Bharath,
> >
> >
appreciated.
If Red Hat drops support for Apache httpd, I'll eat my (red) hat.
-chris
From: Christopher Schultz
Date: Monday, 14 July 2025 at 19:34
To: users@tomcat.apache.org
Subject: Re: RHEL 10 Compatibility for Apache Tomcat 8.x, 9.x, 10.x, and 11.x
Bharath,
On 7/14/25 9:17 AM, Cheruku
: users@tomcat.apache.org
Subject: Re: RHEL 10 Compatibility for Apache Tomcat 8.x, 9.x, 10.x, and 11.x
Bharath,
On 7/14/25 9:17 AM, Cheruku, B.R. (Bharath) wrote:
> I would like to ask if anyone in the community has experience running
> Apache Tomcat versions 8.x, 9.x, 10.x, or 11.x on R
Bharath,
On 7/14/25 9:17 AM, Cheruku, B.R. (Bharath) wrote:
I would like to ask if anyone in the community has experience running
Apache Tomcat versions 8.x, 9.x, 10.x, or 11.x on Red Hat Enterprise
Linux 10 (RHEL 10).
Are there any known issues, limitations, or recommendations for these
Hello,
I would like to ask if anyone in the community has experience running Apache
Tomcat versions 8.x, 9.x, 10.x, or 11.x on Red Hat Enterprise Linux 10 (RHEL
10).
Are there any known issues, limitations, or recommendations for these versions
on RHEL 10?
Additionally, if there is any
Mark,
Oops, I'm sorry I didn't see this correction and just sent one of my own. :(
-chris
On 7/10/25 3:18 PM, Mark Thomas wrote:
Correcting typo in fixed versions
CVE-2025-52520 Apache Tomcat - DoS in multipart upload
Severity: Low
Vendor: The Apache Software Foundation
Version
CVE-2025-52520 Apache Tomcat - DoS in multipart upload
Severity: Low
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 11.0.0-M1 to 11.0.8
Apache Tomcat 10.1.0-M1 to 10.1.42
Apache Tomcat 9.0.0.M1 to 9.0.106
Description:
For some unlikely configurations of multipart
Joey,
On 7/10/25 3:14 PM, Joey Cochran wrote:
Is this accurate?
Versions Affected:
Apache Tomcat 10.1.0-M1 to 10.1.42
Mitigation:
- Upgrade to Apache Tomcat 10.1.32 or later
Nope, this should be "Upgrade to 10.1.43 or later".
Thanks for noticing; we'll get this corrected an
Correcting typo in fixed versions
CVE-2025-53506 Apache Tomcat - DoS in HTTP/2
Severity: High
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 11.0.0-M1 to 11.0.8
Apache Tomcat 10.1.0-M1 to 10.1.42
Apache Tomcat 9.0.0.M1 to 9.0.106
Description:
An uncontrolled resource
Correcting typo in fixed versions
CVE-2025-52520 Apache Tomcat - DoS in multipart upload
Severity: Low
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 11.0.0-M1 to 11.0.8
Apache Tomcat 10.1.0-M1 to 10.1.42
Apache Tomcat 9.0.0.M1 to 9.0.106
Description:
For some
Mark,
Is this accurate?
Versions Affected:
Apache Tomcat 10.1.0-M1 to 10.1.42
Mitigation:
- Upgrade to Apache Tomcat 10.1.32 or later
Thanks!
-Joey
Joey Cochran
Systems Administrator II
Middleware Developer
Information Technology
CVE-2025-53506 Apache Tomcat - DoS in HTTP/2
Severity: High
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 11.0.0-M1 to 11.0.8
Apache Tomcat 10.1.0-M1 to 10.1.42
Apache Tomcat 9.0.0.M1 to 9.0.106
Description:
An uncontrolled resource consumption vulnerability if an
CVE-2025-52520 Apache Tomcat - DoS in multipart upload
Severity: Low
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 11.0.0-M1 to 11.0.8
Apache Tomcat 10.1.0-M1 to 10.1.42
Apache Tomcat 9.0.0.M1 to 9.0.106
Description:
For some unlikely configurations of multipart
CVE-2025-49125 Apache Tomcat - APR/Native Connector crash leading to DoS
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 9.0.0.M1 to 9.0.105
Description:
A race condition on connection close could trigger a JVM crash when
using the APR/Native
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 9.0.107.
Apache Tomcat 9 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and JASPIC technologies.
Apache Tomcat 9.0.107 is a bugfix and
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 11.0.9.
Apache Tomcat 11 is an open source software implementation of the
Jakarta Servlet, Jakarta Pages, Jakarta Expression Language, Jakarta
WebSocket, Jakarta Authentication and Jakarta Annotations specifications
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.1.43.
Apache Tomcat 10 is an open source software implementation of the
Jakarta Servlet, Jakarta Pages, Jakarta Expression Language, Jakarta
WebSocket, Jakarta Authentication and Jakarta Annotations specifications
On 04/07/2025 06:37, Rolandas Karosas | Edrana Baltic wrote:
Different value for securePagesWithPragma on the authenticator for the
two system being tested?
No. authenticator is not used at all.
Yes, it is. There are security constraints so there will be an
authenticator even if it is the
> Different value for securePagesWithPragma on the authenticator for the
> two system being tested?
No. authenticator is not used at all.
On 03/07/2025 11:18, Rolandas Karosas | Edrana Baltic wrote:
Hi,
On Apache Tomcat 10.1.42 with configured SSL Connector
web application with Spring, Spring Security
returns the configured Default Spring Security Cache Control HTTP Response
Headers
Cache-Control: no-cache, no-store, max-age
Hi,
On Apache Tomcat 10.1.42 with configured SSL Connector
web application with Spring, Spring Security
returns the configured Default Spring Security Cache Control HTTP Response
Headers
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
But when I add to
[like] Marco Krammer reacted to your message:
From: Mark Thomas
Sent: Monday, June 16, 2025 1:59:33 PM
To: Tomcat Users List
Cc: annou...@apache.org ; annou...@tomcat.apache.org
; Tomcat Developers List
Subject: [SECURITY] CVE-2025-49125 Apache Tomcat
CVE-2025-49125 Apache Tomcat - Security constraint bypass for
pre/post-resources
Severity: Moderate
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 11.0.0-M1 to 11.0.7
Apache Tomcat 10.1.0-M1 to 10.1.41
Apache Tomcat 9.0.0.M1 to 9.0.105
Description:
When using
CVE-2025-49124 Apache Tomcat - Side-loading via Tomcat installer for Windows
Severity: Low
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 11.0.0-M1 to 11.0.7
Apache Tomcat 10.1.0 to 10.1.41
Apache Tomcat 9.0.23 to 9.0.105
Description:
During installation, the Tomcat
CVE-2025-48988 Apache Tomcat - DoS in multipart upload
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 11.0.0-M1 to 11.0.7
Apache Tomcat 10.1.0-M1 to 10.1.41
Apache Tomcat 9.0.0.M1 to 9.0.105
Description:
Tomcat used the same limit for both request
CVE-2025-48976 Apache Tomcat - DoS in Commons FileUpload
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 11.0.0-M1 to 11.0.7
Apache Tomcat 10.1.0-M1 to 10.1.41
Apache Tomcat 9.0.0.M1 to 9.0.105
Description:
Apache Commons FileUpload provided a hard
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 11.0.8.
Apache Tomcat 11 is an open source software implementation of the
Jakarta Servlet, Jakarta Pages, Jakarta Expression Language, Jakarta
WebSocket, Jakarta Authentication and Jakarta Annotations specifications
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 9.0.106.
Apache Tomcat 9 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and JASPIC technologies.
Apache Tomcat 9.0.106 is a bugfix and
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.1.42.
Apache Tomcat 10 is an open source software implementation of the
Jakarta Servlet, Jakarta Pages, Jakarta Expression Language, Jakarta
WebSocket, Jakarta Authentication and Jakarta Annotations specifications
Apache Tomcat - CGI security constraint
bypass
CVE-2025-46701 Apache Tomcat - CGI security constraint bypass
Severity: Low
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 11.0.0-M1 to 11.0.6
Apache Tomcat 10.1.0-M1 to 10.1.40
Apache Tomcat 9.0.0.M1 to 9.0.104
Description
CVE-2025-46701 Apache Tomcat - CGI security constraint bypass
Severity: Low
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 11.0.0-M1 to 11.0.6
Apache Tomcat 10.1.0-M1 to 10.1.40
Apache Tomcat 9.0.0.M1 to 9.0.104
Description:
When running on a case insensitive file
William,
On 4/9/25 11:09 AM, William Crowell wrote:
Is there any current up-to-date documentation on how to setup Apache
Tomcat 9 with SAML and Active Directory that is not AI generated?
I know you can do Keycloak IdP with Tomcat, but I was trying to
avoid setting up an identity provider.
I
ate this POC PR
https://github.com/apache/tomcat/pull/856
WDYT?
On Fri, May 2, 2025 at 1:42 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:
> Ernesto,
>
> On 5/1/25 8:51 PM, Ernesto Reinaldo Barreiro wrote:
> > We have an Apache Wicket application that I just port
> On May 12, 2025, at 2:01 PM, Rémy Maucherat wrote:
>
> The Apache Tomcat team announces the immediate availability of Apache
> Tomcat 9.0.105.
>
> Apache Tomcat 9 is an open source software implementation of the Java
> Servlet, JavaServer Pages, Java Unified Expr
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 9.0.105.
Apache Tomcat 9 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and JASPIC technologies.
Apache Tomcat 9.0.104 is a bugfix and
Hi,
It seems this happens also with tomcat 10.1.x under certain circumstances.
I have created
https://github.com/reiern70/file-upload-broken
to illustrate the problem. Hope this helps reproduce the problem. If I can
further assist getting this "fixed" please let me know
On Fri, May 2, 2025 at 2:
Hi,
Many thanks for your email.
On Fri, May 2, 2025 at 1:42 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:
> Ernesto,
>
> On 5/1/25 8:51 PM, Ernesto Reinaldo Barreiro wrote:
> > We have an Apache Wicket application that I just ported to wicket 10. The
> > application works as expe
Ernesto,
On 5/1/25 8:51 PM, Ernesto Reinaldo Barreiro wrote:
We have an Apache Wicket application that I just ported to wicket 10. The
application works as expected with the latest Tomcat 10.1.40. But our
application does not work with Tomcat 11.0.6 because file upload (multipart
processing is b
process/captureandconfirm.vpp
>
>
>
> This part we have. Using annotations.
>
>
>
>
> Rick Noel
> Systems Programmer | Westwood One
> rn...@westwoodone.com
>
> -----Original Message-
> From: Ernesto Reinaldo Barreiro
> Sent: Thursday, May 1,
uploadfile
/record/process/captureandconfirm.vpp
Rick Noel
Systems Programmer | Westwood One
rn...@westwoodone.com
-Original Message-
From: Ernesto Reinaldo Barreiro
Sent: Thursday, May 1, 2025 8:51 PM
To: users@tomcat.apache.org
Subject: [EXT]multipart and Apache Tomcat 11
Hi,
We have an Apache Wicket application that I just ported to wicket 10. The
application works as expected with the latest Tomcat 10.1.40. But our
application does not work with Tomcat 11.0.6 because file upload (multipart
processing is broken).
Apache wicket 10.x uses fileupload2.jakarta.servle
gards,
William Crowell
From: Christopher Schultz
Date: Tuesday, April 29, 2025 at 10:32 AM
To: Tomcat Users List , William Crowell
Subject: Re: When was the first stable GA release of Apache Tomcat 11.0.x?
William,
On 4/29/25 7:04 AM, William Crowell wrote:
Just for my clarification: When wa
Chris,
Beautiful answer and exactly what I was looking for. Thank you.
Regards,
William Crowell
From: Christopher Schultz
Date: Tuesday, April 29, 2025 at 10:32 AM
To: Tomcat Users List , William Crowell
Subject: Re: When was the first stable GA release of Apache Tomcat 11.0.x?
William
William,
On 4/29/25 7:04 AM, William Crowell wrote:
Just for my clarification: When was the first stable GA release of
Apache Tomcat 11.0.x?
I believe it was October 9th, 2024, but I did see the Jakarta EE
Platform Web Profile 11 was released on March 30th, 2025:
https://projects.eclipse.org
Good morning,
Just for my clarification: When was the first stable GA release of Apache
Tomcat 11.0.x?
I believe it was October 9th, 2024, but I did see the Jakarta EE Platform Web
Profile 11 was released on March 30th, 2025:
https://projects.eclipse.org/projects/ee4j.jakartaee-platform
31650 Apache Tomcat - DoS via invalid HTTP prioritization header
Severity: High
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 11.0.0-M2 to 11.0.5
Apache Tomcat 10.1.10 to 10.1.39
Apache Tomcat 9.0.76 to 9.0.102
Description:
Incorrect error handling for some invalid
Hi,
I have looked at the commits and all have changes in http2. Is this an
issue in case we don't use http2?
Thank you.
Regards,
Zdenek Henek
On Mon, Apr 28, 2025 at 7:12 PM Mark Thomas wrote:
> CVE-2025-31650 Apache Tomcat - DoS via invalid HTTP prioritization header
>
>
CVE-2025-31651 Apache Tomcat - Rewrite rule bypass
Severity: Low
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 11.0.0-M1 to 11.0.5
Apache Tomcat 10.1.0-M1 to 10.1.39
Apache Tomcat 9.0.0.M1 to 9.0.102
Description:
For a subset of unlikely rewrite rule configurations
CVE-2025-31650 Apache Tomcat - DoS via invalid HTTP prioritization header
Severity: High
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 11.0.0-M2 to 11.0.5
Apache Tomcat 10.1.10 to 10.1.39
Apache Tomcat 9.0.76 to 9.0.102
Description:
Incorrect error handling for some
Rémy,
On 4/17/25 11:47 AM, Rémy Maucherat wrote:
On Thu, Apr 17, 2025 at 5:16 PM William Crowell
wrote:
Hi,
A few questions on the future direction of the project.
It seems like Project Panama is still in preview mode as of JDK 24. Is that
correct?
No, it's a stable regular part of Java
Mark and Rémy,
Thank you for your replies. I think it would be better for now, if HTTP/3 is
required, to front Tomcat with NGINX as a reverse proxy.
Regards,
William Crowell
From: Mark Thomas
Date: Thursday, April 17, 2025 at 1:30 PM
To: users@tomcat.apache.org
Subject: Re: Apache Tomcat
ide I
would at least be interested.
What are the plans for the next major release of Tomcat?
Work is already underway on Tomcat 12. The plan is to start milestone
releases when there are enough 12.0.x specific features to make releases
worthwhile.
Current changelog is here:
https://github.co
On Thu, Apr 17, 2025 at 5:16 PM William Crowell
wrote:
>
> Hi,
>
> A few questions on the future direction of the project.
>
> It seems like Project Panama is still in preview mode as of JDK 24. Is that
> correct?
No, it's a stable regular part of Java since Java 22. Availability of
the API wil
Hi,
A few questions on the future direction of the project.
It seems like Project Panama is still in preview mode as of JDK 24. Is that
correct?
Is there any update on QUIC transport protocol over HTTP/3 support in Tomcat 11?
Does it have anything to do with JEP draft 8291976?
https://openjd
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 9.0.104.
Apache Tomcat 9 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and JASPIC technologies.
Apache Tomcat 9.0.104 is a bugfix and
Hi,
Is there any current up-to-date documentation on how to setup Apache Tomcat 9
with SAML and Active Directory that is not AI generated?
I know you can do Keycloak IdP with Tomcat, but I was trying to avoid setting
up an identity provider.
I am finding links, but I think there is some
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 9.0.102.
Apache Tomcat 9 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and JASPIC technologies.
Apache Tomcat 9.0.102 is a bugfix and
omcat Developers List ; Tomcat Users List
; annou...@tomcat.apache.org ;
annou...@apache.org
Subject: [ANN] Apache Tomcat 10.1.36 Available
And the release status in the header. (Sorry for spam.)
From: Amit Pande
Sent: Wednesday, February 19, 2025 8:55 AM
To: Tomcat Users List
Subject: Re: [ANN] Apache Tomcat 10.1.36 Available
; Tomcat Users List
; annou...@tomcat.apache.org
; annou...@apache.org
Subject: [ANN] Apache Tomcat 10.1.36 Available
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.1.36.
Apache Tomcat 10 is an open source software implementation of the
Jakarta Servlet, Jakarta Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
specifications
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 9.0.100.
Apache Tomcat 9 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and JASPIC technologies.
Apache Tomcat 9.0.100 is a bugfix and
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 11.0.4.
Apache Tomcat 11 is an open source software implementation of the
Jakarta Servlet, Jakarta Pages, Jakarta Expression Language, Jakarta
WebSocket, Jakarta Authentication and Jakarta Annotations specifications
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 11.0.3.
Apache Tomcat 11 is an open source software implementation of the
Jakarta Servlet, Jakarta Pages, Jakarta Expression Language, Jakarta
WebSocket, Jakarta Authentication and Jakarta Annotations specifications
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 9.0.99.
Apache Tomcat 9 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and JASPIC technologies.
Apache Tomcat 9.0.99 is a bugfix and
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.1.35.
Apache Tomcat 10 is an open source software implementation of the
Jakarta Servlet, Jakarta Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
specifications
The Apache Tomcat team announces the immediate availability of Apache
Tomcat Migration Tool for Jakarta EE 1.0.9
Apache Tomcat Migration Tool for Jakarta EE is an open source software
tool for migrating binary web applications (WAR files) and other binary
artifacts from Java EE 8 to Jakarta EE 9
On Thu, Dec 26, 2024 at 2:56 PM Luqman C
wrote:
>
> Dear Apache Tomcat Team,
> I am writing to verify if my client environment is affected by the
> CVE-2024-56337 vulnerability in Apache Tomcat, related to remote code
> execution (RCE) via a write-enabled default servlet, whi
Dear Apache Tomcat Team,
I am writing to verify if my client environment is affected by the
CVE-2024-56337 vulnerability in Apache Tomcat, related to remote code execution
(RCE) via a write-enabled default servlet, which also impacts mitigation for
CVE-2024-50379. Below are the details of the
CVE-2024-56337 Apache Tomcat - RCE via write-enabled default servlet -
CVE-2024-50379 mitigation was incomplete
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 11.0.0-M1 to 11.0.1
Apache Tomcat 10.1.0-M1 to 10.1.33
Apache Tomcat 9.0.0.M1 to 9.0.97
I truly appreciate your swift response, Mark. Thank you so much!
On Thu, Dec 19, 2024 at 4:23 PM Mark Thomas wrote:
> On 19/12/2024 10:49, Thiru wrote:
> > Hello There,
> >
> > Good day!
> >
> > Could you kindly help clarify the following regarding CVE-2024-50379?
> >
> > In the default Tomcat
On 19/12/2024 10:49, Thiru wrote:
Hello There,
Good day!
Could you kindly help clarify the following regarding CVE-2024-50379?
In the default Tomcat setup, the readonly initialization parameter of the
DefaultServlet is not write-enabled, even for a case-insensitive file
system (Reference: http
Hello There,
Good day!
Could you kindly help clarify the following regarding CVE-2024-50379?
In the default Tomcat setup, the readonly initialization parameter of the
DefaultServlet is not write-enabled, even for a case-insensitive file
system (Reference: https://tomcat.apache.org/tomcat-9.0-doc
CVE-2024-54677 Apache Tomcat - DoS in examples web application
Severity: Low
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 11.0.0-M1 to 11.0.1
Apache Tomcat 10.1.0-M1 to 10.1.33
Apache Tomcat 9.0.0.M1 to 9.0.97
Description:
Numerous examples in the examples web
CVE-2024-50379 Apache Tomcat - RCE via write-enabled default servlet
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 11.0.0-M1 to 11.0.1
Apache Tomcat 10.1.0-M1 to 10.1.33
Apache Tomcat 9.0.0.M1 to 9.0.97
Description:
If the default servlet is write
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.1.34.
Apache Tomcat 10 is an open source software implementation of the
Jakarta Servlet, Jakarta Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
specifications
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 9.0.98.
Apache Tomcat 9 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and JASPIC technologies.
Apache Tomcat 9.0.98 is a bugfix and
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 11.0.2.
Apache Tomcat 11 is an open source software implementation of the
Jakarta Servlet, Jakarta Pages, Jakarta Expression Language, Jakarta
WebSocket, Jakarta Authentication and Jakarta Annotations specifications
asses just in
more JARs.
If you have an example where you see JPMS errors when using the standard
Tomcat JARs then please provide sufficient details for us to recreate
the issue so we can investigate.
Mark
On 07/12/2024 20:37, Erik Meuwese wrote:
Apache Tomcat copies classes of the Jakar
Apache Tomcat copies classes of the Jakarta EE API's into the Tomcat
module. The package jakarta
https://github.com/apache/tomcat/tree/main/java/jakarta should be removed
from the Tomcat module or renamed. And the Jakarta EE API's should be
included as dependencies.
Copying the source
hanks and Regards,
Rajendra Rathore
9922701491
-Original Message-
From: Mark Thomas
Sent: Monday, November 18, 2024 4:48 PM
To: Tomcat Users List
Cc: annou...@apache.org; annou...@tomcat.apache.org; Tomcat Developers List
Subject: [SECURITY] CVE-2024-52317 Apache Tomcat - Request a
CVE-2024-52318 Apache Tomcat - XSS in generated JSPs
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 11.0.0
Apache Tomcat 10.1.31
Apache Tomcat 9.0.96
Description:
The fix for improvement 69333 [0] caused pooled JSP tags not to be
released after
; annou...@tomcat.apache.org; Tomcat Developers List
Subject: [SECURITY] CVE-2024-52317 Apache Tomcat - Request and/or response
mix-up
CVE-2024-52317 Apache Tomcat - Request and/or response mix-up
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 11.0.0
Note: Correction to 10.1.x affected versions
CVE-2024-52317 Apache Tomcat - Request and/or response mix-up
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 11.0.0-M23 to 11.0.0-M26
Apache Tomcat 10.1.27 to 10.1.30
Apache Tomcat 9.0.92 to 9.0.95
CVE-2024-52317 Apache Tomcat - Request and/or response mix-up
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 11.0.0-M23 to 11.0.0-M26
Apache Tomcat 10.1.7 to 10.1.30
Apache Tomcat 9.0.92 to 9.0.95
Description:
Incorrect recycling of the request and
CVE-2024-52316 Apache Tomcat - Authentication Bypass
Severity: Low
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 11.0.0-M1 to 11.0.0-M26
Apache Tomcat 10.1.0-M1 to 10.1.30
Apache Tomcat 9.0.0-M1 to 9.0.95
Description:
If Tomcat was configured to use a custom Jakarta
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.1.33.
Apache Tomcat 10 is an open source software implementation of the
Jakarta Servlet, Jakarta Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
specifications
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 9.0.97.
Apache Tomcat 9 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and JASPIC technologies.
Apache Tomcat 9.0.97 is a bugfix and
Sun, 3 Nov 2024 at 03:46, Frankowski, Adam :
>
> Hi,
>
>
>
> We have noticed an issue that occurred when we attempted to upgrade to Apache
> Tomcat 9.0.96. We found that the standard taglib did not properly
> escape XML strings anymore. This can lead to c
Hi,
We have noticed an issue that occurred when we attempted to upgrade to Apache
Tomcat 9.0.96. We found that the standard taglib did not properly
escape XML strings anymore. This can lead to cross-site scripting (XSS)
attacks if user input is not properly escaped.
Has anybody else
On 18/10/2024 09:55, Kele Masemola wrote:
Good day,
We are trying to integrate Tomcat Apache with Sentinel, so we just wanted to
get some clarity on a few things. We installed Apache Tomcat data connector on
Sentinel. It seems the Apache servers in our environment are running on Windows
Good day,
We are trying to integrate Tomcat Apache with Sentinel, so we just wanted to
get some clarity on a few things. We installed Apache Tomcat data connector on
Sentinel. It seems the Apache servers in our environment are running on Windows
machines, so when we download and install the
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 9.0.96.
Apache Tomcat 9 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and JASPIC technologies.
Apache Tomcat 9.0.96 is a bugfix and
CVE-2024-38286 Apache Tomcat - Denial of Service
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 11.0.0-M1 to 11.0.0-M20
Apache Tomcat 10.1.0-M1 to 10.1.24
Apache Tomcat 9.0.13 to 9.0.89
Description:
Tomcat, under certain configurations on any
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 9.0.95.
Apache Tomcat 9 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and JASPIC technologies.
Apache Tomcat 9.0.95 is a bugfix and
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 11.0.0-M26 (beta).
Apache Tomcat 11 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations