Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

tomcat-9.0.117-2.el9 RPM for noarch

From CentOS Stream 9 AppStream for ppc64le

Name: tomcat Distribution: CentOS
Version: 9.0.117 Vendor: CentOS
Release: 2.el9 Build date: Mon Jun 15 17:16:14 2026
Group: Unspecified Build host: x86-02.stream.rdu2.redhat.com
Size: 331780 Source RPM: tomcat-9.0.117-2.el9.src.rpm
Packager: builder@centos.org
Url: http://tomcat.apache.org/
Summary: Apache Servlet/JSP Engine, RI for Servlet 4.0/JSP 2.3 API
Tomcat is the servlet container that is used in the official Reference
Implementation for the Java Servlet and JavaServer Pages technologies.
The Java Servlet and JavaServer Pages specifications are developed by
Sun under the Java Community Process.

Tomcat is developed in an open and participatory environment and
released under the Apache Software License version 2.0. Tomcat is intended
to be a collaboration of the best-of-breed developers from around the world.

Provides

Requires

License

ASL 2.0

Changelog

* Thu Jun 04 2026 Pietro Meloni <pmeloni@redhat.com> - 1:9.0.117-2
  - Resolves: RHEL-183992 Remove tomcat clustering JAR from RPM builds
  - Exclude i686 architecture from build
* Tue May 26 2026 Pietro Meloni <pmeloni@redhat.com> - 1:9.0.117-1
  - Resolves: RHEL-150714 Certificate revocation bypass due to improper OCSP response validation
  - Resolves:
    Tomcat: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled (CVE-2026-34500)
  - Resolves:
    Tomcat: Cloud membership for clustering component exposed the Kubernetes bearer token (CVE-2026-34487)
  - Resolves:
    Tomcat: The fix for CVE-2026-29146 allowed the bypass of the EncryptInterceptor (CVE-2026-34486)
  - Resolves:
    Tomcat: Incomplete escaping of JSON access logs (CVE-2026-34483)
  - Resolves:
    Tomcat: The fix for CVE-2025-66614 was incomplete (CVE-2026-32990)
  - Resolves:
    Tomcat: EncryptInterceptor vulnerable to padding oracle attack by default (CVE-2026-29146)
  - Resolves:
    Tomcat: OCSP checks sometimes soft-fail even when soft-fail is disabled (CVE-2026-29145)
  - Resolves:
    Tomcat: Configured TLS cipher preference order not preserved (CVE-2026-29129)
  - Resolves:
    Tomcat: Occasionally open redirect (CVE-2026-25854)
  - Resolves:
    Tomcat: Request smuggling via invalid chunk extension (CVE-2026-24880)
  - Resolves:
    Tomcat: Incomplete OCSP verification checks (CVE-2026-24734)
  - Resolves:
    Tomcat: Security constraint bypass (CVE-2026-24733)
  - Resolves:
    Tomcat: Client certificate verification bypass due to virtual host mapping (CVE-2025-66614)
* Tue Apr 14 2026 Coty Sutherland <csutherl@redhat.com> - 1:9.0.110-3
  - Resolves: RHEL-168081 Fix copy/paste error in AJP connector that caused DELETE requests to be processed as OPTIONS requests (BZ#69848)
* Thu Feb 26 2026 Coty Sutherland <csutherl@redhat.com> - 1:9.0.110-2
  - Resolves: RHEL-154364 Tomcat fails to respond to client connections when using Java 8
* Wed Feb 11 2026 Coty Sutherland <csutherl@redhat.com> - 1:9.0.110-1
  - Resolves: RHEL-148687
    Update to 9.0.110 and compile with Java 25 to enable FFM features for PQC support
* Wed Jan 21 2026 Pietro Meloni <pmeloni@redhat.com> - 1:9.0.87-7
  - Resolves: RHEL-124516
    tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)
  - Resolves: RHEL-132561
    tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)
* Thu Aug 14 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-6
  - Resolves: RHEL-102201
    tomcat: http/2 "MadeYouReset" DoS attack through HTTP/2 control frames (CVE-2025-48989)
* Tue Aug 12 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-5
  - Resolves: RHEL-108489
    tomcat: Apache Commons FileUpload DOS via part headers (CVE-2025-48976)
  - Resolves: RHEL-108497
    tomcat: Dos in multipart upload (CVE-2025-48988)
  - Resolves: RHEL-108505
    tomcat: Security constraint bypass for pre/post-resources (CVE-2025-49125)
  - Resolves: RHEL-108513
    tomcat: Denial of service (CVE-2025-52434)
  - Resolves: RHEL-108529
    tomcat: Denial of service (CVE-2025-52520)
  - Resolves: RHEL-108523
    tomcat: Denial of service (CVE-2025-53506)
* Mon Jul 21 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-4
  - Resolves: RHEL-91763
    tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame (CVE-2025-31650)
  - Resolves: RHEL-71985
    tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation (CVE-2024-56337)
* Tue Apr 08 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-3
  - Resolves: RHEL-82945
    tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT (CVE-2025-24813)
  - Resolves: RHEL-71723
    tomcat: RCE due to TOCTOU issue in JSP compilation (CVE-2024-50379)
* Thu Aug 08 2024 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-2
  - Resolves: RHEL-46163
    tomcat: Improper Handling of Exceptional Conditions (CVE-2024-34750)
  - Resolves: RHEL-18245 - OpenJDK 21 support for RHEL Tomcat

Files

/etc/logrotate.d/tomcat.disabled
/etc/sysconfig/tomcat
/etc/tomcat
/etc/tomcat/Catalina
/etc/tomcat/Catalina/localhost
/etc/tomcat/catalina.policy
/etc/tomcat/catalina.properties
/etc/tomcat/conf.d
/etc/tomcat/conf.d/README
/etc/tomcat/conf.d/java-9-start-up-parameters.conf
/etc/tomcat/context.xml
/etc/tomcat/jaspic-providers.xml
/etc/tomcat/jaspic-providers.xsd
/etc/tomcat/logging.properties
/etc/tomcat/server.xml
/etc/tomcat/tomcat-users.xml
/etc/tomcat/tomcat-users.xsd
/etc/tomcat/tomcat.conf
/etc/tomcat/web.xml
/usr/bin/tomcat-digest
/usr/bin/tomcat-tool-wrapper
/usr/lib/systemd/system/tomcat.service
/usr/lib/systemd/system/tomcat@.service
/usr/libexec/tomcat
/usr/libexec/tomcat/functions
/usr/libexec/tomcat/preamble
/usr/libexec/tomcat/server
/usr/sbin/tomcat
/usr/share/doc/tomcat
/usr/share/doc/tomcat/LICENSE
/usr/share/doc/tomcat/NOTICE
/usr/share/doc/tomcat/RELEASE-NOTES
/usr/share/tomcat
/usr/share/tomcat/bin/bootstrap.jar
/usr/share/tomcat/bin/catalina-tasks.xml
/usr/share/tomcat/conf
/usr/share/tomcat/lib
/usr/share/tomcat/logs
/usr/share/tomcat/temp
/usr/share/tomcat/webapps
/usr/share/tomcat/work
/var/cache/tomcat
/var/cache/tomcat/temp
/var/cache/tomcat/work
/var/lib/tomcat
/var/lib/tomcat/webapps
/var/lib/tomcats
/var/log/tomcat


Generated by rpm2html 1.8.1

Fabrice Bellet, Thu Jul 2 04:26:31 2026