Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: tomcat10: tomcat10-10.1.54-1.hum1 noarch tomcat10-admin-webapps-10.1.54-1.hum1 noarch tomcat10-common-10.1.54-1.hum1 noarch tomcat10-docs-webapp-10.1.54-1.hum1 noarch...

SUSE SLES15 / openSUSE 15 Security Update : tomcat (SUSE-SU-2024:4106-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:4106-1 advisory. - Update to Tomcat 9.0.97 Fixed CVEs: + CVE-2024-52316: If the Jakarta Authentication fails with an exception, set a 500 statu...

SUSE SLES15 / openSUSE 15 Security Update : tomcat10 (SUSE-SU-2024:4105-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:4105-1 advisory. - Update to Tomcat 10.1.33 Fixed CVEs: - CVE-2024-52316: If the Jakarta Authentication fails with an exception, set a 500 stat...

SUSE-SU-2024:4106-1 Security update for tomcat

This update for tomcat fixes the following issues: - Update to Tomcat 9.0.97 Fixed CVEs: + CVE-2024-52316: If the Jakarta Authentication fails with an exception, set a 500 status bsc1233434 Catalina + Add: Add support for the new Servlet API method HttpServletResponse.sendEarlyHints. markt + Add:...

SUSE-SU-2024:4105-1 Security update for tomcat10

This update for tomcat10 fixes the following issues: - Update to Tomcat 10.1.33 Fixed CVEs: + CVE-2024-52316: If the Jakarta Authentication fails with an exception, set a 500 status bsc1233434 Catalina + Add: Add support for the new Servlet API method HttpServletResponse.sendEarlyHints. markt +...

RHEL 8 : tomcat (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - tomcat: EncryptInterceptor documentation mistake CVE-2022-29885 - The HTTP/2 implementation in Apache...

A Bootiful Podcast: Spring Cloud cofounder and lead Spencer Gibb on Spring Cloud Gateway for the Servlet API in the era of Project Loom

Hi, Spring fans! In this installment, my first since I returned from two blistering hot but super fun months in Asia, I talk to Spring Cloud cofounder and lead Spencer Gibb @SpencerBGibb about the new Servlet-friendly Spring Cloud Gateway project...

Fixed in Apache Tomcat 9.0.16

Note: The issue below was fixed in Apache Tomcat 9.0.15 but the release vote for the 9.0.15 release candidate did not pass. Therefore, although users must download 9.0.16 to obtain a version that includes a fix for these issues, version 9.0.15 is not included in the list of affected versions...

Fixed in Apache Tomcat 8.5.38

Important: Denial of Service CVE-2019-0199 The HTTP/2 implementation accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet API's...

[ANN] Struts 2.3.14.1 GA (fast track | security)

The Apache Struts group is pleased to announce that Struts 2.3.14.1 is available as a "General Availability" release. The GA designation is our highest quality grade. Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. The framework is designed...