tomcat-jsp-2.3-api-9.0.87-6.el9_7.1 RPM for noarch

From AlmaLinux 9.7 AppStream for x86_64

Apache Tomcat JSP API Implementation Classes.

Provides

• tomcat-jsp-2.3-api
• jsp
• mvn(org.apache.tomcat:tomcat-jsp-api)
• mvn(org.apache.tomcat:tomcat-jsp-api:pom:)
• mvn(org.eclipse.jetty.orbit:javax.servlet.jsp)
• mvn(org.eclipse.jetty.orbit:javax.servlet.jsp:pom:)

Requires

• /bin/sh
• /bin/sh
• javapackages-filesystem
• mvn(org.apache.tomcat:tomcat-el-api) = 9.0.87
• mvn(org.apache.tomcat:tomcat-servlet-api) = 9.0.87
• rpmlib(CompressedFileNames) <= 3.0.4-1
• rpmlib(FileDigests) <= 4.6.0-1
• rpmlib(PayloadFilesHavePrefix) <= 4.0-1
• rpmlib(PayloadIsZstd) <= 5.4.18-1
• tomcat-el-3.0-api = 1:9.0.87-6.el9_7.1
• tomcat-servlet-4.0-api = 1:9.0.87-6.el9_7.1

License

ASL 2.0

Changelog

* Thu Nov 27 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-6.el9_7.1
  - Resolves: RHEL-124518
    tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)
  - Resolves: RHEL-91753
    tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)
* Thu Aug 14 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-6
  - Resolves: RHEL-102201
    tomcat: http/2 "MadeYouReset" DoS attack through HTTP/2 control frames (CVE-2025-48989)
* Tue Aug 12 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-5
  - Resolves: RHEL-108489
    tomcat: Apache Commons FileUpload DOS via part headers (CVE-2025-48976)
  - Resolves: RHEL-108497
    tomcat: Dos in multipart upload (CVE-2025-48988)
  - Resolves: RHEL-108505
    tomcat: Security constraint bypass for pre/post-resources (CVE-2025-49125)
  - Resolves: RHEL-108513
    tomcat: Denial of service (CVE-2025-52434)
  - Resolves: RHEL-108529
    tomcat: Denial of service (CVE-2025-52520)
  - Resolves: RHEL-108523
    tomcat: Denial of service (CVE-2025-53506)
* Mon Jul 21 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-4
  - Resolves: RHEL-91763
    tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame (CVE-2025-31650)
  - Resolves: RHEL-71985
    tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation (CVE-2024-56337)
* Tue Apr 08 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-3
  - Resolves: RHEL-82945
    tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT (CVE-2025-24813)
  - Resolves: RHEL-71723
    tomcat: RCE due to TOCTOU issue in JSP compilation (CVE-2024-50379)
* Thu Aug 08 2024 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-2
  - Resolves: RHEL-46163
    tomcat: Improper Handling of Exceptional Conditions (CVE-2024-34750)
  - Resolves: RHEL-18245 - OpenJDK 21 support for RHEL Tomcat
* Fri May 03 2024 Sokratis Zappis <szappis@redhat.com> - 1:9.0.87-1
  - Resolves: RHEL-35812 - Rebase tomcat to version 9.0.87
  - Resolves: RHEL-29257
    tomcat: Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672)
  - Resolves: RHEL-29252
    tomcat: : Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549)
  - Resolves: RHEL-53001 - Amend tomcat's changelog
    (CVE-2023-46589, CVE-2023-45648, CVE-2023-42795, CVE-2023-42794, CVE-2023-44487, CVE-2023-41080)
* Thu Jan 18 2024 Hui Wang <huwang@redhat.com> - 1:9.0.62-39
  - Resolves: RHEL-17605
    tomcat: HTTP request smuggling via malformed trailer headers (CVE-2023-46589)

Files

/usr/share/java/tomcat
/usr/share/java/tomcat-jsp-2.3-api.jar
/usr/share/java/tomcat-jsp-api.jar
/usr/share/java/tomcat/tomcat-jsp-2.3-api.jar
/usr/share/java/tomcat/tomcat-jsp-api.jar
/usr/share/maven-metadata/tomcat-tomcat-jsp-api.xml
/usr/share/maven-poms/tomcat
/usr/share/maven-poms/tomcat/tomcat-jsp-api.pom

Generated by rpm2html 1.8.1

Fabrice Bellet, Sat Dec 13 06:25:46 2025