Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Implemented
    • Affects Version/s: Trunk
    • Fix Version/s: 17.12.01
    • Component/s: framework
    • Labels:
      None

      Description

      There is a new Tomcat version available which fixes a CVE:

      The Apache Tomcat team announces the immediate availability of Apache
      Tomcat 8.5.23.

      Tomcat 8.x users should normally be using 8.5.x releases in preference
      to 8.0.x releases.

      Apache Tomcat 8 is an open source software implementation of the Java
      Servlet, JavaServer Pages, Java Unified Expression Language, Java
      WebSocket and Java Authentication Service Provider Interface for
      Containers technologies.

      Apache Tomcat 8.5.x is intended to replace 8.0.x and includes new
      features pulled forward from the 9.0.x branch. The notable changes since
      8.5.20 include:

      • Fix CVE-2017-12617
      • Add ExtractingRoot, a new WebResourceRoot implementation that extracts
        JARs to the work directory for improved performance when deploying
        packed WAR files.
      • Additional capabilities for the CGI Servlet. Based on patches provided
        by jm009.
      • Added support for the OpenSSL SSL_CONF API. To support this the
        minimum required Tomcat Native version is 1.2.14.

      Please refer to the change log for the complete list of changes:
      http://tomcat.apache.org/tomcat-8.5-doc/changelog.html

        Attachments

          Activity

            People

            • Assignee:
              mbrohl Michael Brohl
              Reporter:
              mbrohl Michael Brohl
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: