- Fri Jul 5 2019 daviddavid <daviddavid> 1:9.0.21-1.mga7
+ Revision: 1418800
- new version: 9.0.21, fixes CVE-2019-0199 and CVE-2019-0221 (mga#24799) - Sat Dec 15 2018 daviddavid <daviddavid> 1:9.0.13-1.mga7
+ Revision: 1341345
- new version: 9.0.13, fixes CVE-2018-11784 - Wed Dec 5 2018 daviddavid <daviddavid> 1:9.0.10-1.mga7
+ Revision: 1338423
- new version: 9.0.10 (sync with fc29)
* CVE-2018-1336 tomcat: A bug in the UTF-8 decoder can lead to DoS
* CVE-2018-8014 tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins
* CVE-2018-8034 tomcat: host name verification missing in WebSocket client
* CVE-2018-8037 tomcat: Due to a mishandling of close in NIO/NIO2 connectors user sessions can get mixed up - Fri Sep 21 2018 umeabot <umeabot> 1:8.0.50-2.mga7
+ Revision: 1291867
- Mageia 7 Mass Rebuild - Sun Feb 25 2018 daviddavid <daviddavid> 1:8.0.50-1.mga7
+ Revision: 1204886
- new version: 8.0.50, fixes CVE-2018-1304 and CVE-2018-1305 (mga#22644) - Thu Feb 1 2018 daviddavid <daviddavid> 1:8.0.49-1.mga7
+ Revision: 1198447
- change "zip -u" to "zip"
- resolves: rhbz#1495241 [tomcat] zip -u in spec file causes race condition
- The tomcat-native binary is no longer copied to bin. See http://svn.apache.org/r1818186
- new version: 8.0.49 - Wed Oct 25 2017 daviddavid <daviddavid> 1:8.0.47-1.mga7
+ Revision: 1173763
- new version: 8.0.47, fixes CVE-2017-12615 and CVE-2017-12617 (mga#21933) - Sun Sep 3 2017 daviddavid <daviddavid> 1:8.0.46-1.mga7
+ Revision: 1150989
- Update to 8.0.46
- Resolves: rhbz#1480620 CVE-2017-7674 tomcat: Cache Poisoning