| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: tomcat | Distribution: CentOS |
| Version: 9.0.117 | Vendor: CentOS |
| Release: 2.el9 | Build date: Mon Jun 15 17:16:14 2026 |
| Group: Unspecified | Build host: x86-02.stream.rdu2.redhat.com |
| Size: 331780 | Source RPM: tomcat-9.0.117-2.el9.src.rpm |
| Packager: builder@centos.org | |
| Url: http://tomcat.apache.org/ | |
| Summary: Apache Servlet/JSP Engine, RI for Servlet 4.0/JSP 2.3 API | |
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world.
ASL 2.0
* Thu Jun 04 2026 Pietro Meloni <pmeloni@redhat.com> - 1:9.0.117-2
- Resolves: RHEL-183992 Remove tomcat clustering JAR from RPM builds
- Exclude i686 architecture from build
* Tue May 26 2026 Pietro Meloni <pmeloni@redhat.com> - 1:9.0.117-1
- Resolves: RHEL-150714 Certificate revocation bypass due to improper OCSP response validation
- Resolves:
Tomcat: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled (CVE-2026-34500)
- Resolves:
Tomcat: Cloud membership for clustering component exposed the Kubernetes bearer token (CVE-2026-34487)
- Resolves:
Tomcat: The fix for CVE-2026-29146 allowed the bypass of the EncryptInterceptor (CVE-2026-34486)
- Resolves:
Tomcat: Incomplete escaping of JSON access logs (CVE-2026-34483)
- Resolves:
Tomcat: The fix for CVE-2025-66614 was incomplete (CVE-2026-32990)
- Resolves:
Tomcat: EncryptInterceptor vulnerable to padding oracle attack by default (CVE-2026-29146)
- Resolves:
Tomcat: OCSP checks sometimes soft-fail even when soft-fail is disabled (CVE-2026-29145)
- Resolves:
Tomcat: Configured TLS cipher preference order not preserved (CVE-2026-29129)
- Resolves:
Tomcat: Occasionally open redirect (CVE-2026-25854)
- Resolves:
Tomcat: Request smuggling via invalid chunk extension (CVE-2026-24880)
- Resolves:
Tomcat: Incomplete OCSP verification checks (CVE-2026-24734)
- Resolves:
Tomcat: Security constraint bypass (CVE-2026-24733)
- Resolves:
Tomcat: Client certificate verification bypass due to virtual host mapping (CVE-2025-66614)
* Tue Apr 14 2026 Coty Sutherland <csutherl@redhat.com> - 1:9.0.110-3
- Resolves: RHEL-168081 Fix copy/paste error in AJP connector that caused DELETE requests to be processed as OPTIONS requests (BZ#69848)
* Thu Feb 26 2026 Coty Sutherland <csutherl@redhat.com> - 1:9.0.110-2
- Resolves: RHEL-154364 Tomcat fails to respond to client connections when using Java 8
* Wed Feb 11 2026 Coty Sutherland <csutherl@redhat.com> - 1:9.0.110-1
- Resolves: RHEL-148687
Update to 9.0.110 and compile with Java 25 to enable FFM features for PQC support
* Wed Jan 21 2026 Pietro Meloni <pmeloni@redhat.com> - 1:9.0.87-7
- Resolves: RHEL-124516
tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)
- Resolves: RHEL-132561
tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)
* Thu Aug 14 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-6
- Resolves: RHEL-102201
tomcat: http/2 "MadeYouReset" DoS attack through HTTP/2 control frames (CVE-2025-48989)
* Tue Aug 12 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-5
- Resolves: RHEL-108489
tomcat: Apache Commons FileUpload DOS via part headers (CVE-2025-48976)
- Resolves: RHEL-108497
tomcat: Dos in multipart upload (CVE-2025-48988)
- Resolves: RHEL-108505
tomcat: Security constraint bypass for pre/post-resources (CVE-2025-49125)
- Resolves: RHEL-108513
tomcat: Denial of service (CVE-2025-52434)
- Resolves: RHEL-108529
tomcat: Denial of service (CVE-2025-52520)
- Resolves: RHEL-108523
tomcat: Denial of service (CVE-2025-53506)
* Mon Jul 21 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-4
- Resolves: RHEL-91763
tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame (CVE-2025-31650)
- Resolves: RHEL-71985
tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation (CVE-2024-56337)
* Tue Apr 08 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-3
- Resolves: RHEL-82945
tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT (CVE-2025-24813)
- Resolves: RHEL-71723
tomcat: RCE due to TOCTOU issue in JSP compilation (CVE-2024-50379)
* Thu Aug 08 2024 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-2
- Resolves: RHEL-46163
tomcat: Improper Handling of Exceptional Conditions (CVE-2024-34750)
- Resolves: RHEL-18245 - OpenJDK 21 support for RHEL Tomcat
/etc/logrotate.d/tomcat.disabled /etc/sysconfig/tomcat /etc/tomcat /etc/tomcat/Catalina /etc/tomcat/Catalina/localhost /etc/tomcat/catalina.policy /etc/tomcat/catalina.properties /etc/tomcat/conf.d /etc/tomcat/conf.d/README /etc/tomcat/conf.d/java-9-start-up-parameters.conf /etc/tomcat/context.xml /etc/tomcat/jaspic-providers.xml /etc/tomcat/jaspic-providers.xsd /etc/tomcat/logging.properties /etc/tomcat/server.xml /etc/tomcat/tomcat-users.xml /etc/tomcat/tomcat-users.xsd /etc/tomcat/tomcat.conf /etc/tomcat/web.xml /usr/bin/tomcat-digest /usr/bin/tomcat-tool-wrapper /usr/lib/systemd/system/tomcat.service /usr/lib/systemd/system/tomcat@.service /usr/libexec/tomcat /usr/libexec/tomcat/functions /usr/libexec/tomcat/preamble /usr/libexec/tomcat/server /usr/sbin/tomcat /usr/share/doc/tomcat /usr/share/doc/tomcat/LICENSE /usr/share/doc/tomcat/NOTICE /usr/share/doc/tomcat/RELEASE-NOTES /usr/share/tomcat /usr/share/tomcat/bin/bootstrap.jar /usr/share/tomcat/bin/catalina-tasks.xml /usr/share/tomcat/conf /usr/share/tomcat/lib /usr/share/tomcat/logs /usr/share/tomcat/temp /usr/share/tomcat/webapps /usr/share/tomcat/work /var/cache/tomcat /var/cache/tomcat/temp /var/cache/tomcat/work /var/lib/tomcat /var/lib/tomcat/webapps /var/lib/tomcats /var/log/tomcat
Generated by rpm2html 1.8.1
Fabrice Bellet, Thu Jul 2 04:41:38 2026