- Tue Jan 21 2020 daviddavid <daviddavid> 1:9.0.30-1.mga7
+ Revision: 1481893
- new version: 9.0.30, fixes CVE-2019-12418 and CVE-2019-17563 (mga#25987)
- new version: 9.0.21, fixes CVE-2019-0199 and CVE-2019-0221 (mga#24799) - Sat Dec 15 2018 daviddavid <daviddavid> 1:9.0.13-1.mga7
+ Revision: 1341345
- new version: 9.0.13, fixes CVE-2018-11784 - Wed Dec 5 2018 daviddavid <daviddavid> 1:9.0.10-1.mga7
+ Revision: 1338423
- new version: 9.0.10 (sync with fc29)
* CVE-2018-1336 tomcat: A bug in the UTF-8 decoder can lead to DoS
* CVE-2018-8014 tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins
* CVE-2018-8034 tomcat: host name verification missing in WebSocket client
* CVE-2018-8037 tomcat: Due to a mishandling of close in NIO/NIO2 connectors user sessions can get mixed up - Fri Sep 21 2018 umeabot <umeabot> 1:8.0.50-2.mga7
+ Revision: 1291867
- Mageia 7 Mass Rebuild - Sun Feb 25 2018 daviddavid <daviddavid> 1:8.0.50-1.mga7
+ Revision: 1204886
- new version: 8.0.50, fixes CVE-2018-1304 and CVE-2018-1305 (mga#22644) - Thu Feb 1 2018 daviddavid <daviddavid> 1:8.0.49-1.mga7
+ Revision: 1198447
- change "zip -u" to "zip"
- resolves: rhbz#1495241 [tomcat] zip -u in spec file causes race condition
- The tomcat-native binary is no longer copied to bin. See http://svn.apache.org/r1818186
- new version: 8.0.49