Uploaded image for project: 'OFBiz'
  1. OFBiz
  2. OFBIZ-9813

Update to Tomcat 8.5.23

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Implemented
    • Trunk
    • 17.12.01
    • framework
    • None

    Description

      There is a new Tomcat version available which fixes a CVE:

      The Apache Tomcat team announces the immediate availability of Apache
      Tomcat 8.5.23.

      Tomcat 8.x users should normally be using 8.5.x releases in preference
      to 8.0.x releases.

      Apache Tomcat 8 is an open source software implementation of the Java
      Servlet, JavaServer Pages, Java Unified Expression Language, Java
      WebSocket and Java Authentication Service Provider Interface for
      Containers technologies.

      Apache Tomcat 8.5.x is intended to replace 8.0.x and includes new
      features pulled forward from the 9.0.x branch. The notable changes since
      8.5.20 include:

      • Fix CVE-2017-12617
      • Add ExtractingRoot, a new WebResourceRoot implementation that extracts
        JARs to the work directory for improved performance when deploying
        packed WAR files.
      • Additional capabilities for the CGI Servlet. Based on patches provided
        by jm009.
      • Added support for the OpenSSL SSL_CONF API. To support this the
        minimum required Tomcat Native version is 1.2.14.

      Please refer to the change log for the complete list of changes:
      http://tomcat.apache.org/tomcat-8.5-doc/changelog.html

      Attachments

        Activity

          People

            mbrohl Michael Brohl
            mbrohl Michael Brohl
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: