| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: tomcat-lib | Distribution: CentOS |
| Version: 9.0.117 | Vendor: CentOS |
| Release: 1.el9 | Build date: Fri May 29 11:09:21 2026 |
| Group: Unspecified | Build host: aarch64-02.stream.rdu2.redhat.com |
| Size: 7711753 | Source RPM: tomcat-9.0.117-1.el9.src.rpm |
| Packager: builder@centos.org | |
| Url: http://tomcat.apache.org/ | |
| Summary: Libraries needed to run the Tomcat Web container | |
Libraries needed to run the Tomcat Web container.
ASL 2.0
* Tue May 26 2026 Pietro Meloni <pmeloni@redhat.com> - 1:9.0.117-1
- Resolves: RHEL-150714 Certificate revocation bypass due to improper OCSP response validation
- Resolves:
Tomcat: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled (CVE-2026-34500)
- Resolves:
Tomcat: Cloud membership for clustering component exposed the Kubernetes bearer token (CVE-2026-34487)
- Resolves:
Tomcat: The fix for CVE-2026-29146 allowed the bypass of the EncryptInterceptor (CVE-2026-34486)
- Resolves:
Tomcat: Incomplete escaping of JSON access logs (CVE-2026-34483)
- Resolves:
Tomcat: The fix for CVE-2025-66614 was incomplete (CVE-2026-32990)
- Resolves:
Tomcat: EncryptInterceptor vulnerable to padding oracle attack by default (CVE-2026-29146)
- Resolves:
Tomcat: OCSP checks sometimes soft-fail even when soft-fail is disabled (CVE-2026-29145)
- Resolves:
Tomcat: Configured TLS cipher preference order not preserved (CVE-2026-29129)
- Resolves:
Tomcat: Occasionally open redirect (CVE-2026-25854)
- Resolves:
Tomcat: Request smuggling via invalid chunk extension (CVE-2026-24880)
- Resolves:
Tomcat: Incomplete OCSP verification checks (CVE-2026-24734)
- Resolves:
Tomcat: Security constraint bypass (CVE-2026-24733)
- Resolves:
Tomcat: Client certificate verification bypass due to virtual host mapping (CVE-2025-66614)
* Tue Apr 14 2026 Coty Sutherland <csutherl@redhat.com> - 1:9.0.110-3
- Resolves: RHEL-168081 Fix copy/paste error in AJP connector that caused DELETE requests to be processed as OPTIONS requests (BZ#69848)
* Thu Feb 26 2026 Coty Sutherland <csutherl@redhat.com> - 1:9.0.110-2
- Resolves: RHEL-154364 Tomcat fails to respond to client connections when using Java 8
* Wed Feb 11 2026 Coty Sutherland <csutherl@redhat.com> - 1:9.0.110-1
- Resolves: RHEL-148687
Update to 9.0.110 and compile with Java 25 to enable FFM features for PQC support
* Wed Jan 21 2026 Pietro Meloni <pmeloni@redhat.com> - 1:9.0.87-7
- Resolves: RHEL-124516
tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)
- Resolves: RHEL-132561
tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)
* Thu Aug 14 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-6
- Resolves: RHEL-102201
tomcat: http/2 "MadeYouReset" DoS attack through HTTP/2 control frames (CVE-2025-48989)
* Tue Aug 12 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-5
- Resolves: RHEL-108489
tomcat: Apache Commons FileUpload DOS via part headers (CVE-2025-48976)
- Resolves: RHEL-108497
tomcat: Dos in multipart upload (CVE-2025-48988)
- Resolves: RHEL-108505
tomcat: Security constraint bypass for pre/post-resources (CVE-2025-49125)
- Resolves: RHEL-108513
tomcat: Denial of service (CVE-2025-52434)
- Resolves: RHEL-108529
tomcat: Denial of service (CVE-2025-52520)
- Resolves: RHEL-108523
tomcat: Denial of service (CVE-2025-53506)
* Mon Jul 21 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-4
- Resolves: RHEL-91763
tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame (CVE-2025-31650)
- Resolves: RHEL-71985
tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation (CVE-2024-56337)
* Tue Apr 08 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-3
- Resolves: RHEL-82945
tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT (CVE-2025-24813)
- Resolves: RHEL-71723
tomcat: RCE due to TOCTOU issue in JSP compilation (CVE-2024-50379)
* Thu Aug 08 2024 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-2
- Resolves: RHEL-46163
tomcat: Improper Handling of Exceptional Conditions (CVE-2024-34750)
- Resolves: RHEL-18245 - OpenJDK 21 support for RHEL Tomcat
/usr/share/java/tomcat /usr/share/java/tomcat/annotations-api.jar /usr/share/java/tomcat/catalina-ant.jar /usr/share/java/tomcat/catalina-ha.jar /usr/share/java/tomcat/catalina-ssi.jar /usr/share/java/tomcat/catalina-storeconfig.jar /usr/share/java/tomcat/catalina-tribes.jar /usr/share/java/tomcat/catalina.jar /usr/share/java/tomcat/jasper-el.jar /usr/share/java/tomcat/jasper-jdt.jar /usr/share/java/tomcat/jasper.jar /usr/share/java/tomcat/jaspic-api.jar /usr/share/java/tomcat/tomcat-api.jar /usr/share/java/tomcat/tomcat-coyote-ffm.jar /usr/share/java/tomcat/tomcat-coyote.jar /usr/share/java/tomcat/tomcat-dbcp.jar /usr/share/java/tomcat/tomcat-el-api.jar /usr/share/java/tomcat/tomcat-i18n-cs.jar /usr/share/java/tomcat/tomcat-i18n-de.jar /usr/share/java/tomcat/tomcat-i18n-es.jar /usr/share/java/tomcat/tomcat-i18n-fr.jar /usr/share/java/tomcat/tomcat-i18n-ja.jar /usr/share/java/tomcat/tomcat-i18n-ko.jar /usr/share/java/tomcat/tomcat-i18n-pt-BR.jar /usr/share/java/tomcat/tomcat-i18n-ru.jar /usr/share/java/tomcat/tomcat-i18n-zh-CN.jar /usr/share/java/tomcat/tomcat-jdbc.jar /usr/share/java/tomcat/tomcat-jni.jar /usr/share/java/tomcat/tomcat-jsp-api.jar /usr/share/java/tomcat/tomcat-juli.jar /usr/share/java/tomcat/tomcat-servlet-api.jar /usr/share/java/tomcat/tomcat-util-scan.jar /usr/share/java/tomcat/tomcat-util.jar /usr/share/java/tomcat/tomcat-websocket.jar /usr/share/java/tomcat/websocket-api.jar /usr/share/maven-metadata/tomcat.xml /usr/share/maven-poms/tomcat /usr/share/maven-poms/tomcat/annotations-api.pom /usr/share/maven-poms/tomcat/catalina-ant.pom /usr/share/maven-poms/tomcat/catalina-ha.pom /usr/share/maven-poms/tomcat/catalina-ssi.pom /usr/share/maven-poms/tomcat/catalina-storeconfig.pom /usr/share/maven-poms/tomcat/catalina-tribes.pom /usr/share/maven-poms/tomcat/catalina.pom /usr/share/maven-poms/tomcat/jasper-el.pom /usr/share/maven-poms/tomcat/jasper.pom /usr/share/maven-poms/tomcat/jaspic-api.pom /usr/share/maven-poms/tomcat/tomcat-api.pom /usr/share/maven-poms/tomcat/tomcat-coyote.pom /usr/share/maven-poms/tomcat/tomcat-dbcp.pom /usr/share/maven-poms/tomcat/tomcat-i18n-cs.pom /usr/share/maven-poms/tomcat/tomcat-i18n-de.pom /usr/share/maven-poms/tomcat/tomcat-i18n-es.pom /usr/share/maven-poms/tomcat/tomcat-i18n-fr.pom /usr/share/maven-poms/tomcat/tomcat-i18n-ja.pom /usr/share/maven-poms/tomcat/tomcat-i18n-ko.pom /usr/share/maven-poms/tomcat/tomcat-i18n-pt-BR.pom /usr/share/maven-poms/tomcat/tomcat-i18n-ru.pom /usr/share/maven-poms/tomcat/tomcat-i18n-zh-CN.pom /usr/share/maven-poms/tomcat/tomcat-jdbc.pom /usr/share/maven-poms/tomcat/tomcat-jni.pom /usr/share/maven-poms/tomcat/tomcat-juli.pom /usr/share/maven-poms/tomcat/tomcat-util-scan.pom /usr/share/maven-poms/tomcat/tomcat-util.pom /usr/share/maven-poms/tomcat/tomcat-websocket.pom /usr/share/maven-poms/tomcat/tomcat.pom /usr/share/maven-poms/tomcat/websocket-api.pom /usr/share/tomcat/bin/tomcat-juli.jar
Generated by rpm2html 1.8.1
Fabrice Bellet, Tue Jun 16 04:48:57 2026