| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: tomcat11-lib | Distribution: openSUSE Tumbleweed |
| Version: 11.0.9 | Vendor: openSUSE |
| Release: 1.1 | Build date: Wed Aug 6 15:07:07 2025 |
| Group: Productivity/Networking/Web/Servers | Build host: reproducible |
| Size: 6648171 | Source RPM: tomcat11-11.0.9-1.1.src.rpm |
| Packager: https://bugs.opensuse.org | |
| Url: https://tomcat.apache.org | |
| Summary: Libraries needed to run the Tomcat Web container | |
Libraries required to successfully run the Tomcat Web container
Apache-2.0
* Wed Aug 06 2025 Michele Bussolotto <michele.bussolotto@suse.com>
- Update to Tomcat 11.0.9
- adapt tomcat-jdt.patch
* Fixed CVEs:
+ CVE-2025-52520: Align size tracking for multipart requests with
FileUpload's use of long. (bsc#1246388)
+ CVE-2025-53506: Apply the initial HTTP/2 connection limits earlier.
(bsc#1246318)
* Catalina
+ Fix: Ensure application configured welcome files override the defaults
when configuring an embedded web application programmatically. (markt)
+ Update: Optimize Request#getCharsetHolder to avoid repeated parsing when
charset is null. Patch provided by morning-gu. (schultz)
+ Fix: Allow the default servlet to set the content length when the content
length is known, no content has been written and a Writer is being used.
(markt)
+ Fix: 69717: Correct a regression in the fix for CVE-2025-49125 that
prevented access to PreResources and PostResources when mounted below the
web application root with a path that was terminated with a file
separator. (remm/markt)
+ Fix: 69731: Fix an issue that meant that the value of maxParameterCount
applied was smaller than intended for multipart uploads with non-file
parts when the parts were processed before query string parameters.
(markt)
+ Fix: Align size tracking for multipart requests with FileUpload's use of
long. (schultz)
* Coyote
+ Fix: 69710: Increase the default for maxPartCount from 10 to 50. Update
the documentation to provide more details on the memory requirements to
support multi-part uploads while avoiding a denial of service risk.
(markt)
+ Fix: 69713: Correctly handle an HTTP/2 data frame that includes padding
when the headers include a content-length. (remm/markt)
+ Fix: Correctly collect statistics for HTTP/2 requests and avoid counting
one request multiple times. Based on pull request #868 by qingdaoheze.
(markt)
+ Fix: Fix JMX value for keepAliveCount on the endpoint. Also add the value
of useVirtualThreads in JMX. (remm)
+ Fix: 69728: Remove incorrect warning when HTTP/2 is used with optional
certificate verification and improve the warnings when a web application
tries to use CLIENT-CERT with either HTTP/2 or a JSSE implementation of
TLS 1.3. (markt)
+ Fix: When setting the initial HTTP/2 connection limit, apply those limits
earlier. (markt)
* Jasper
+ Code: Remove IMPL_OBJ_START from EL grammar for IDENTIFIER. (markt)
+ Code: Remove the INSTANCEOF and FUNCTIONSUFFIX definitions from the EL
grammar as both are unused. (markt)
* Web applications
+ Add: Documentation. Provide more explicit guidance regarding the security
considerations for enabling write access to the web application via
WebDAV, HTTP PUT requests or similar. (markt)
+ Add: Documentation. Add a section on reverse proxies to the security
considerations page. (markt)
* Other
+ Update: Update to the Eclipse JDT compiler 4.36. (markt)
+ Update: Update UnboundID to 7.0.3. (markt)
+ Update: Update Checkstyle to 10.25.1. (markt)
+ Update: Improvements to French translations. (remm)
+ Update: Improvements to Japanese translations provided by tak7iji. (markt)
* Tue Jun 24 2025 Michele Bussolotto <michele.bussolotto@suse.com>
- Update to Tomcat 11.0.8
* Fixed CVEs:
+ CVE-2025-46701: refactor CGI servlet to access resources via
WebResources (bsc#1243815)
+ CVE-2025-48988: limits the total number of parts in a
multi-part request and limits the size of
the headers provided with each part (bsc#1244656)
+ CVE-2025-49125: Expand checks for webAppMount (bsc#1244649)
* Catalina
+ Add: Support for the java:module namespace which mirrors the
java:comp namespace.
+ Fix: 69690: Calling HttpServletRequest.getParameter() and related
methods for a request with content type multipart/form-data when
the mapped servlet does not have a @MultipartConfig or equivalent
should not trigger an exception. Note that calling getPart() or
getParts() is these circumstances will trigger an exception.
+ Add: Support parsing of multiple path parameters separated by ; in a
single URL segment. Based on pull request #860 by Chenjp.
+ Fix: 69699: Encode redirect URL used by the rewrite valve with the
session id if appropriate, and handle cross context with different
session configuration when using rewrite.
+ Add: #863: Support for comments at the end of lines in text rewrite
map files to align behaviour with Apache httpd. Pull request
provided by Chenjp.
+ Fix: 69706: Saved request serialization issue in FORM introduced
when allowing infinite session timeouts.
+ Fix: Expand the path checks for Pre-Resources and Post-Resources
mounted at a path within the web application.
+ Fix: Process possible path parameters rewrite production in the
rewrite valve.
+ Fix: 69588: Enable allowLinking to be set on PreResources,
JarResources and PostResources. If not set explicitly, the setting
will be inherited from the Resources.
+ Add: 69633: Support for Filters using context root mappings.
+ Fix: 69643: Optimize directory listing for large amount of files.
Patch submitted by Loic de l'Eprevier.
+ Fix: #843: Off by one validation logic for partial PUT ranges and
associated test case. Submitted by Chenjp.
+ Refactor: GCI servlet to access resources via the WebResource API.
+ Fix: 69662: Report name in exception message when a naming lookup
failure occurs. Based on code submitted by Donald Smith.
+ Fix: Ensure that the FORM authentication attribute
authenticationSessionTimeout works correctly when sessions have an
infinite timeout when authentication starts.
+ Add: Provide a content type based on file extension when web
application resources are accessed via a URL.
* Coyote
+ Refactor: #861: TaskQueue to use the new interface RetryableQueue
which enables better integration of custom Executors which provide
their own BlockingQueue implementation. Pull request provided by
Paulo Almeida.
+ Add: Finer grained control of multi-part request processing via two
new attributes on the Connector element. maxPartCount limits the
total number of parts in a multi-part request and maxPartHeaderSize
limits the size of the headers provided with each part. Add support
for these new attributes to the ParameterLimitValve.
* Jasper
+ Fix: 69696: Mark the JSP wrapper for reload after a failed
compilation.
+ Fix: 69635: Add support to jakarta.el.ImportHandler for resolving
inner classes.
+ Add: #842: Support for optimized execution of c:set and c:remove
tags, when activated via JSP servlet param
useNonstandardTagOptimizations.
+ Fix: An edge case compilation bug for JSP and tag files on case
insensitive file systems that was exposed by the test case for
69635.
* Web applications
+ Fix: 69694: Improve error reporting of deployment tasks done using
the manager webapp when a copy operation fails.
+ Add: 68876: Documentation. Update the UML diagrams for server
start-up, request processing and authentication using PlantUML and
include the source files for each diagram.
* Other
+ Add: Thread name to webappClassLoader.stackTraceRequestThread
message. Patch provided by Felix Zhang.
+ Update: Tomcat Native to 2.0.9.
+ Update: The internal fork of Apache Commons FileUpload to 1.6.0-RC1
(2025-06-05).
+ Update: EasyMock to 5.6.0.
+ Update: Checkstyle to 10.25.0.
+ Fix: Use the full path when the installer for Windows sets calls
icacls.exe to set file permissions.
+ Update: Improvements to Japanese translations provided by tak7iji.
+ Update: Jacoco to 0.8.13.
+ Code: Explicitly set the locale to be used for Javadoc. For
official releases, this locale will be English (US) to support
reproducible builds.
+ Update: Byte Buddy to 1.17.5.
+ Update: Checkstyle to 10.23.1.
+ Update: File extension to media type mappings to align with the
current list used by the Apache Web Server (httpd).
+ Update: Improvements to French translations.
+ Update: Improvements to Japanese translations provided by tak7iji.
* Tue Jun 10 2025 Michele Bussolotto <michele.bussolotto@suse.com>
- Hardening permissions (bsc#1242722)
* Fri May 09 2025 Fridrich Strba <fstrba@suse.com>
- Do not require standalone versions of apis that tomcat itself
carries
- Do not version dependencies
* Fri May 02 2025 Fridrich Strba <fstrba@suse.com>
- Make conflicts and provides more generic
* Mon Apr 28 2025 Ricardo Mestre <ricardo.mestre@suse.com>
- Initial packaging of tomcat11 11.0.6
/etc/ant.d /etc/ant.d/catalina-ant /usr/share/java/tomcat /usr/share/java/tomcat/annotations-api.jar /usr/share/java/tomcat/catalina-ant.jar /usr/share/java/tomcat/catalina-ha.jar /usr/share/java/tomcat/catalina-ssi.jar /usr/share/java/tomcat/catalina-storeconfig.jar /usr/share/java/tomcat/catalina-tribes.jar /usr/share/java/tomcat/catalina.jar /usr/share/java/tomcat/commons-collections.jar /usr/share/java/tomcat/commons-dbcp2.jar /usr/share/java/tomcat/commons-pool2.jar /usr/share/java/tomcat/ecj.jar /usr/share/java/tomcat/jakartaee-migration.jar /usr/share/java/tomcat/jasper-el.jar /usr/share/java/tomcat/jasper-jdt.jar /usr/share/java/tomcat/jasper.jar /usr/share/java/tomcat/jaspic-api.jar /usr/share/java/tomcat/tomcat-api.jar /usr/share/java/tomcat/tomcat-coyote-ffm.jar /usr/share/java/tomcat/tomcat-coyote.jar /usr/share/java/tomcat/tomcat-dbcp.jar /usr/share/java/tomcat/tomcat-i18n-cs.jar /usr/share/java/tomcat/tomcat-i18n-de.jar /usr/share/java/tomcat/tomcat-i18n-es.jar /usr/share/java/tomcat/tomcat-i18n-fr.jar /usr/share/java/tomcat/tomcat-i18n-ja.jar /usr/share/java/tomcat/tomcat-i18n-ko.jar /usr/share/java/tomcat/tomcat-i18n-pt-BR.jar /usr/share/java/tomcat/tomcat-i18n-ru.jar /usr/share/java/tomcat/tomcat-i18n-zh-CN.jar /usr/share/java/tomcat/tomcat-jdbc.jar /usr/share/java/tomcat/tomcat-jni.jar /usr/share/java/tomcat/tomcat-jsp-4.0-api.jar /usr/share/java/tomcat/tomcat-juli.jar /usr/share/java/tomcat/tomcat-servlet-6.1-api.jar /usr/share/java/tomcat/tomcat-util-scan.jar /usr/share/java/tomcat/tomcat-util.jar /usr/share/java/tomcat/tomcat-websocket.jar /usr/share/java/tomcat/websocket-api.jar /usr/share/java/tomcat/websocket-client-api.jar /usr/share/maven-metadata/tomcat11.xml /usr/share/maven-poms/JPP.tomcat-annotations-api.pom /usr/share/maven-poms/JPP.tomcat-catalina-ha.pom /usr/share/maven-poms/JPP.tomcat-catalina-tribes.pom /usr/share/maven-poms/JPP.tomcat-catalina.pom /usr/share/maven-poms/JPP.tomcat-jasper-el.pom /usr/share/maven-poms/JPP.tomcat-jasper.pom /usr/share/maven-poms/JPP.tomcat-jaspic-api.pom /usr/share/maven-poms/JPP.tomcat-tomcat-api.pom /usr/share/maven-poms/JPP.tomcat-tomcat-coyote.pom /usr/share/maven-poms/JPP.tomcat-tomcat-dbcp.pom /usr/share/maven-poms/JPP.tomcat-tomcat-jdbc.pom /usr/share/maven-poms/JPP.tomcat-tomcat-jni.pom /usr/share/maven-poms/JPP.tomcat-tomcat-juli.pom /usr/share/maven-poms/JPP.tomcat-tomcat-util-scan.pom /usr/share/maven-poms/JPP.tomcat-tomcat-util.pom /usr/share/maven-poms/JPP.tomcat-tomcat-websocket.pom /usr/share/maven-poms/JPP.tomcat-websocket-api.pom /usr/share/maven-poms/JPP.tomcat-websocket-client-api.pom /usr/share/tomcat/bin /usr/share/tomcat/bin/tomcat-juli.jar
Generated by rpm2html 1.8.1
Fabrice Bellet, Tue Aug 19 22:21:53 2025