Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Implemented
    • Affects Version/s: Trunk
    • Fix Version/s: Upcoming Release
    • Component/s: framework
    • Labels:
      None

      Description

      There is a new Tomcat version available which fixes a CVE:

      The Apache Tomcat team announces the immediate availability of Apache
      Tomcat 8.5.23.

      Tomcat 8.x users should normally be using 8.5.x releases in preference
      to 8.0.x releases.

      Apache Tomcat 8 is an open source software implementation of the Java
      Servlet, JavaServer Pages, Java Unified Expression Language, Java
      WebSocket and Java Authentication Service Provider Interface for
      Containers technologies.

      Apache Tomcat 8.5.x is intended to replace 8.0.x and includes new
      features pulled forward from the 9.0.x branch. The notable changes since
      8.5.20 include:

      • Fix CVE-2017-12617
      • Add ExtractingRoot, a new WebResourceRoot implementation that extracts
        JARs to the work directory for improved performance when deploying
        packed WAR files.
      • Additional capabilities for the CGI Servlet. Based on patches provided
        by jm009.
      • Added support for the OpenSSL SSL_CONF API. To support this the
        minimum required Tomcat Native version is 1.2.14.

      Please refer to the change log for the complete list of changes:
      http://tomcat.apache.org/tomcat-8.5-doc/changelog.html

        Activity

        Hide
        Dennis Balkir Dennis Balkir added a comment -

        changed the dependencies in the build.gradle file from 8.5.20 to 8.5.23, made a test and testIntegration and started and tested ofbiz

        Show
        Dennis Balkir Dennis Balkir added a comment - changed the dependencies in the build.gradle file from 8.5.20 to 8.5.23, made a test and testIntegration and started and tested ofbiz
        Hide
        mbrohl Michael Brohl added a comment -

        Thanks Dennis,

        your patch is in trunk r1811404.

        Show
        mbrohl Michael Brohl added a comment - Thanks Dennis, your patch is in trunk r1811404.

          People

          • Assignee:
            mbrohl Michael Brohl
            Reporter:
            mbrohl Michael Brohl
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development