Important: Denial of Service CVE-2024-23672
It was possible for a WebSocket client to keep a WebSocket connection open leading to increased resource consumption.
This was fixed with commit b0e3b1bd.
This issue was identified by the Tomcat Security Team on 17 January 2024. The issue was made public on 13 March 2024.
Affects: 11.0.0-M1 to 11.0.0-M16
Important: Denial of Service CVE-2024-24549
When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed.
This was fixed with commit 810f49d5.
This issue was reported to the Tomcat Security Team on 24 January 2024. The issue was made public on 13 March 2024.
Affects: 11.0.0-M1 to 11.0.0-M16