Attach filesAttach ScreenshotVotersWatch issueWatchersLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments


    • Type: Sub-task
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: Release Branch 18.12, Trunk, 17.12.05
    • Fix Version/s: 18.12.01, 17.12.06
    • Component/s: framework
    • Labels:
    • Sprint:
      Bug Crush Event - 21/2/2015


      Needs backport because of the CVE reports:


      The Apache Tomcat team announces the immediate availability of Apache
      Tomcat 9.0.43.

      Apache Tomcat 9 is an open source software implementation of the Java
      Servlet, JavaServer Pages, Java Unified Expression Language, Java
      WebSocket and JASPIC technologies.

      Apache Tomcat 9.0.43 is a bugfix and feature release. The notable
      changes compared to 9.0.41 include:

      • Add support for using Unix domain sockets for NIO when running on Java
        16 or later.
      • Add a new StringInterpreter interface that allows applications to
        provide customised string attribute value to type conversion within
        JSPs. This allows applications to provide a conversion implementation
        that is optimised for the application.
      • Add peerAddress to coyote request, which contains the IP address of
        the direct connection peer. If a reverse proxy sits in front of Tomcat
        and the RemoteIp(Valve|Filter) is used, the peerAddress is likely to
        differ from the remoteAddress. The remoteAddress is likely to contain
        the address of the client in front of the reverse proxy, not the
        address of the proxy itself.

      Please refer to the change log for the complete list of changes:


        Issue Links



            • Assignee:
              mbrohl Michael Brohl
              mbrohl Michael Brohl


              • Created:


                  Issue deployment