Change log for tomcat9 package in Debian
1 → 49 of 49 results | First • Previous • Next • Last |
Published in bullseye-release |
tomcat9 (9.0.43-2~deb11u9) bullseye-security; urgency=high * More HTTP/2 overhead protection adjustments -- Emmanuel Bourg <email address hidden> Mon, 16 Oct 2023 14:51:43 +0200
tomcat9 (9.0.70-2) unstable; urgency=medium * Team upload. * Drop tomcat9 server packages because only one Tomcat version is supported per release. Only retain libtomcat9-java because of compatibility reasons for now. Users are strongly encouraged to switch to Tomcat 10 instead. (Closes: #1034824) -- Markus Koschany <email address hidden> Sat, 27 May 2023 17:51:32 +0200
Available diffs
Superseded in bullseye-release |
tomcat9 (9.0.43-2~deb11u6) bullseye-security; urgency=high * Team upload. * Fix CVE-2022-42252: Apache Tomcat was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false. Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header. * Fix CVE-2022-45143: The JsonErrorReportValve in Apache Tomcat did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output. * Fix CVE-2023-28708: When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel. (Closes: #1033475) -- Markus Koschany <email address hidden> Wed, 05 Apr 2023 17:47:16 +0200
Superseded in bullseye-release |
tomcat9 (9.0.43-2~deb11u4) bullseye-security; urgency=high * Team upload. * Fix CVE-2021-43980: The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug that could cause client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client. * Fix CVE-2022-23181: The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore. * Fix CVE-2022-29885: The documentation of Apache Tomcat for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does not protect against all risks associated with running over any untrusted network, particularly DoS risks. -- Markus Koschany <email address hidden> Sat, 29 Oct 2022 17:03:57 +0200
tomcat9 (9.0.70-1) unstable; urgency=medium * New upstream release - Refreshed the patches -- Emmanuel Bourg <email address hidden> Mon, 05 Dec 2022 18:50:40 +0100
Superseded in sid-release |
tomcat9 (9.0.68-1.1) unstable; urgency=medium * Non-maintainer upload. * No source change upload to rebuild with debhelper 13.10. -- Michael Biebl <email address hidden> Sat, 15 Oct 2022 12:52:26 +0200
tomcat9 (9.0.68-1) unstable; urgency=medium * New upstream release * Look for OpenJDK 17 and up to 21 when starting the server (Closes: #1020948) * Simplified the Maven rules -- Emmanuel Bourg <email address hidden> Sat, 08 Oct 2022 13:53:36 +0200
tomcat9 (9.0.67-1) unstable; urgency=medium * Team upload. [ Thorsten Glaser ] * Fix a Policy violation in the Depends of bin:tomcat9 [ Emmanuel Bourg ] * New upstream release - Refreshed the patches -- Emmanuel Bourg <email address hidden> Tue, 27 Sep 2022 00:49:00 +0200
tomcat9 (9.0.65-1) unstable; urgency=medium * Team upload. * New upstream version 9.0.65. -- Markus Koschany <email address hidden> Fri, 12 Aug 2022 12:56:06 +0200
tomcat9 (9.0.64-2) unstable; urgency=medium * Fallback to the default log formatter when systemd isn't used * Depend on systemd-sysusers and systemd-tmpfiles instead of systemd * Depend on libeclipse-jdt-core-java (>= 3.26.0) -- Emmanuel Bourg <email address hidden> Tue, 21 Jun 2022 14:59:03 +0200
Available diffs
- diff from 9.0.64-1 to 9.0.64-2 (1.4 KiB)
tomcat9 (9.0.64-1) unstable; urgency=medium * New upstream release - Refreshed the patches * Standards-Version updated to 4.6.1 -- Emmanuel Bourg <email address hidden> Mon, 20 Jun 2022 15:17:59 +0200
Available diffs
- diff from 9.0.63-1 to 9.0.64-1 (38.4 KiB)
tomcat9 (9.0.63-1) unstable; urgency=medium * Team upload. * New upstream version 9.0.63. - Fix CVE-2022-29885: Improve documentation for the EncryptInterceptor and do not claim it protects against all risks associated with running over any untrusted network. -- Markus Koschany <email address hidden> Fri, 13 May 2022 14:04:35 +0200
Available diffs
- diff from 9.0.62-1 to 9.0.63-1 (60.1 KiB)
tomcat9 (9.0.62-1) unstable; urgency=medium * Team upload. * New upstream version 9.0.62. * Drop 0027-java11-compilation.patch because it is apparently no longer required. * Refresh disable-jacoco.patch for new release. * Depend on java11-runtime-headless because Java 8 is no longer supported. Thanks to Per Lundberg for the report. (Closes: #1006647) -- Markus Koschany <email address hidden> Fri, 29 Apr 2022 23:10:59 +0200
Available diffs
- diff from 9.0.58-1 to 9.0.62-1 (141.3 KiB)
Published in buster-release |
tomcat9 (9.0.31-1~deb10u6) buster-security; urgency=high * Team upload. * CVE-2021-30640: Fix NullPointerException. If no userRoleAttribute is specified in the user's Realm configuration its default value will be null. This will cause a NPE in the methods doFilterEscaping and doAttributeValueEscaping. This is upstream bug https://bz.apache.org/bugzilla/show_bug.cgi?id=65308 * Fix CVE-2021-41079: Apache Tomcat did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service. -- Markus Koschany <email address hidden> Sat, 25 Sep 2021 22:17:13 +0200
tomcat9 (9.0.58-1) unstable; urgency=medium * Team upload. * New upstream version 9.0.58. * Add disable-jacoco.patch and remove the dependency on jacoco when running the test suite. -- Markus Koschany <email address hidden> Wed, 09 Feb 2022 15:51:20 +0100
Available diffs
- diff from 9.0.55-1 to 9.0.58-1 (182.7 KiB)
Superseded in bullseye-release |
tomcat9 (9.0.43-2~deb11u3) bullseye-security; urgency=high * Team upload. * Fix CVE-2021-42340: Apache Tomcat did not properly release an HTTP upgrade connection for WebSocket connections once the WebSocket connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError. -- Markus Koschany <email address hidden> Fri, 12 Nov 2021 10:45:54 +0100
tomcat9 (9.0.55-1) unstable; urgency=medium * Team upload. * New upstream version 9.0.55. -- Markus Koschany <email address hidden> Mon, 15 Nov 2021 22:12:42 +0100
Available diffs
- diff from 9.0.54-1 to 9.0.55-1 (46.8 KiB)
tomcat9 (9.0.54-1) unstable; urgency=medium * Team upload. * New upstream version 9.0.54. - Fix CVE-2021-42340: The fix for bug 63362 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError. * Update 0010-debianize-build-xml.patch and depend on the setup-bnd task to prevent a FTBFS when building the tests. This replaces the workaround by setting addOSGi to false. Thanks to Aurimas Fišeras for the report. -- Markus Koschany <email address hidden> Fri, 22 Oct 2021 21:59:08 +0200
Available diffs
- diff from 9.0.43-3 to 9.0.54-1 (744.7 KiB)
- diff from 9.0.53-1 to 9.0.54-1 (42.3 KiB)
Superseded in buster-release |
tomcat9 (9.0.31-1~deb10u5) buster-security; urgency=high * Team upload. * Fix CVE-2021-30640: A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. * Fix CVE-2021-33037: Apache Tomcat did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer encoding header if the client declared it would only accept an HTTP/1.0 response; - Tomcat honoured the identify encoding; and - Tomcat did not ensure that, if present, the chunked encoding was the final encoding. (Closes: #991046) -- Markus Koschany <email address hidden> Sat, 07 Aug 2021 18:25:15 +0200
Superseded in bullseye-release |
tomcat9 (9.0.43-2~deb11u1) bullseye-security; urgency=medium * Team upload. * Rebuild for bullseye-security. -- Markus Koschany <email address hidden> Sun, 08 Aug 2021 15:19:44 +0200
tomcat9 (9.0.53-1) unstable; urgency=medium * Team upload. * New upstream version 9.0.53. - Drop security patches. Fixed upstream. - Fix CVE-2021-41079: Apache Tomcat did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service. * Declare compliance with Debian Policy 4.6.0. * Set the fileOwner of catalina.out to tomcat explicitly. Thanks to Adam Cecile for the report. (Closes: #987179) * Refresh 0021-dont-test-unsupported-ciphers.patch * tomcat9.cron.daily: Set maxdepth to 1 so that log files of custom applications in subdirectories of /var/log/tomcat9 are not compressed. Thanks to Ludovic Pouzenc for the report. (Closes: #982961) * Exclude TestJNDIRealmIntegration because of missing dependencies. * d/rules: dh_auto_test override: Set addOSGi to false when building the tests to prevent a FTBFS. -- Markus Koschany <email address hidden> Fri, 24 Sep 2021 15:37:51 +0200
tomcat9 (9.0.43-3) unstable; urgency=medium * Team upload. * CVE-2021-30640: Fix NullPointerException. If no userRoleAttribute is specified in the user's Realm configuration its default value will be null. This will cause a NPE in the methods doFilterEscaping and doAttributeValueEscaping. This is upstream bug https://bz.apache.org/bugzilla/show_bug.cgi?id=65308 -- Markus Koschany <email address hidden> Tue, 10 Aug 2021 17:17:56 +0200
Available diffs
- diff from 9.0.43-2 to 9.0.43-3 (1.1 KiB)
tomcat9 (9.0.43-2) unstable; urgency=medium * Team upload. [ mirabilos ] * fix /var/log/tomcat9 permissions fixup for commit 51128fe9fb2d4d0b56be675d845cf92e4301a6c3 [ Markus Koschany ] * Fix CVE-2021-30640: A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. * Fix CVE-2021-33037: Apache Tomcat did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer encoding header if the client declared it would only accept an HTTP/1.0 response; - Tomcat honoured the identify encoding; and - Tomcat did not ensure that, if present, the chunked encoding was the final encoding. (Closes: #991046) -- Markus Koschany <email address hidden> Sat, 07 Aug 2021 00:11:43 +0200
Available diffs
- diff from 9.0.43-1 to 9.0.43-2 (6.8 KiB)
Superseded in buster-release |
tomcat9 (9.0.31-1~deb10u4) buster-security; urgency=medium * CVE-2021-25122 * CVE-2021-25329 -- Moritz Mühlenhoff <email address hidden> Mon, 12 Apr 2021 16:45:06 +0200
Superseded in buster-release |
tomcat9 (9.0.31-1~deb10u3) buster-security; urgency=medium * Fixed CVE-2020-13943: HTTP/2 request mix-up. If an HTTP/2 client exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources. * Fixed CVE-2020-17527: HTTP/2 request header mix-up. It was discovered that Apache Tomcat could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests. -- Emmanuel Bourg <email address hidden> Tue, 19 Jan 2021 23:31:47 +0100
tomcat9 (9.0.43-1) unstable; urgency=medium * New upstream release - Refreshed the patches * Rotate the catalina.out log file with the tomcat user (Closes: #971583) * Switch to debhelper level 13 -- Emmanuel Bourg <email address hidden> Tue, 02 Feb 2021 20:23:51 +0100
Available diffs
- diff from 9.0.41-1 to 9.0.43-1 (157.4 KiB)
tomcat9 (9.0.41-1) unstable; urgency=medium * New upstream release - Refreshed the patches * Standards-Version updated to 4.5.1 -- Emmanuel Bourg <email address hidden> Wed, 09 Dec 2020 16:03:00 +0100
Available diffs
- diff from 9.0.40-1 to 9.0.41-1 (19.3 KiB)
tomcat9 (9.0.40-1) unstable; urgency=medium [ Emmanuel Bourg ] * New upstream release - Refreshed the patches * Changed the home directory of the tomcat user to /var/lib/tomcat (Closes: #926338) [ Vincent McIntyre ] * Automatically export the JAVA_HOME environment variable when the value is defined in /etc/defaults/tomcat9 (Closes: #966338) -- Emmanuel Bourg <email address hidden> Tue, 24 Nov 2020 08:21:29 +0100
Available diffs
- diff from 9.0.39-1 to 9.0.40-1 (110.2 KiB)
tomcat9 (9.0.39-1) unstable; urgency=medium * New upstream release - Refreshed the patches * tomcat9-user now depends on netcat-openbsd instead of netcat (Closes: #966158) -- Emmanuel Bourg <email address hidden> Mon, 12 Oct 2020 17:16:57 +0200
Available diffs
- diff from 9.0.37-3 to 9.0.39-1 (339.9 KiB)
tomcat9 (9.0.38-1) unstable; urgency=medium * New upstream release - Refreshed the patches -- Emmanuel Bourg <email address hidden> Wed, 16 Sep 2020 16:04:03 +0200
tomcat9 (9.0.37-3) unstable; urgency=medium * control: Bump build-dep on bnd, drop bnd compat and re-export patches. (Closes: #964433) -- Timo Aaltonen <email address hidden> Thu, 06 Aug 2020 18:59:11 +0300
Available diffs
- diff from 9.0.36-1 to 9.0.37-3 (53.6 KiB)
- diff from 9.0.37-2 to 9.0.37-3 (1.4 KiB)
Superseded in buster-release |
tomcat9 (9.0.31-1~deb10u2) buster-security; urgency=high * Team upload. [ Emmanuel Bourg ] * Fixed CVE-2020-13935: WebSocket Denial of Service. The payload length in a WebSocket frame was not correctly validated. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. * Fixed CVE-2020-13934: HTTP/2 Denial of Service. An h2c direct connection did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service. [ Markus Koschany ] * Fix CVE-2020-9484: When using Apache Tomcat an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed. * Fix CVE-2020-11996: A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive. -- Markus Koschany <email address hidden> Wed, 15 Jul 2020 13:43:33 +0200
tomcat9 (9.0.37-2) unstable; urgency=medium * d/p/0029-fix-regression-in-bz64540.patch: Re-export util.net.jsse and util.modeler.modules. (Closes: #964433) -- Timo Aaltonen <email address hidden> Tue, 28 Jul 2020 14:09:13 +0300
Available diffs
- diff from 9.0.37-1 to 9.0.37-2 (892 bytes)
tomcat9 (9.0.37-1) unstable; urgency=medium * New upstream release - Refreshed the patches - Fixed the compatibility with the version of bnd in Debian * Restored execute permission on /var/log/tomcat9 to the adm group -- Emmanuel Bourg <email address hidden> Mon, 06 Jul 2020 22:39:32 +0200
Available diffs
- diff from 9.0.36-1 to 9.0.37-1 (53.7 KiB)
tomcat9 (9.0.36-1) unstable; urgency=medium * New upstream release - Refreshed the patches * Grant write access on /var/log/tomcat9 to the adm group (LP: #1861881) -- Emmanuel Bourg <email address hidden> Tue, 23 Jun 2020 11:47:47 +0200
Available diffs
- diff from 9.0.35-1 to 9.0.36-1 (39.4 KiB)
tomcat9 (9.0.35-1) unstable; urgency=medium * New upstream release - Fixes CVE-2020-9484: Remote Code Execution via session persistence (Closes: #961209) - Refreshed the patches -- Emmanuel Bourg <email address hidden> Thu, 21 May 2020 15:50:03 +0200
Available diffs
- diff from 9.0.34-1 to 9.0.35-1 (254.8 KiB)
tomcat9 (9.0.34-1) unstable; urgency=medium * New upstream release - Refreshed the patches * Depend on libeclipse-jdt-core-java (>= 3.18.0) * Switch to debhelper level 12 -- Emmanuel Bourg <email address hidden> Mon, 27 Apr 2020 00:36:59 +0200
Available diffs
- diff from 9.0.31-1 to 9.0.34-1 (156.2 KiB)
tomcat9 (9.0.31-1) unstable; urgency=medium * New upstream release - Fixes CVE-2019-10072: Denial of Service (Closes: #930872) - Fixes CVE-2019-12418: Local Privilege Escalation - Fixes CVE-2019-17563: Session fixation attack - Fixes CVE-2019-17569: HTTP Request Smuggling - Fixes CVE-2020-1935: HTTP Request Smuggling - Fixes CVE-2020-1938: AJP Request Injection (Closes: #952437) - Fixes CATALINA_PID handling in catalina.sh (Closes: #948553) - Refreshed the patches - Fixed the compilation with Java 11 * Moved the RequiresMountsFor directive in the service file to the Unit section (Closes: #942316) * Tightened the dependency on systemd (Closes: #931997) * Standards-Version updated to 4.5.0 -- Emmanuel Bourg <email address hidden> Mon, 24 Feb 2020 23:37:00 +0100
Available diffs
- diff from 9.0.27-1 to 9.0.31-1 (215.1 KiB)
tomcat9 (9.0.27-1) unstable; urgency=medium * New upstream release - Refreshed the patches * Standards-Version updated to 4.4.1 -- Emmanuel Bourg <email address hidden> Mon, 14 Oct 2019 11:31:50 +0200
Available diffs
- diff from 9.0.24-1 to 9.0.27-1 (181.1 KiB)
tomcat9 (9.0.24-1) unstable; urgency=medium * New upstream release - Refreshed the patches -- Emmanuel Bourg <email address hidden> Thu, 22 Aug 2019 13:55:14 +0200
Available diffs
- diff from 9.0.22-1 to 9.0.24-1 (118.7 KiB)
tomcat9 (9.0.22-1) unstable; urgency=medium * New upstream release - Refreshed the patches * Track and download the new releases from GitHub * Standards-Version updated to 4.4.0 -- Emmanuel Bourg <email address hidden> Fri, 12 Jul 2019 15:01:28 +0200
Available diffs
- diff from 9.0.16-4 to 9.0.22-1 (317.2 KiB)
Deleted in experimental-release (Reason: None provided.) |
tomcat9 (9.0.16-5) experimental; urgency=low * Team upload. * Upload to experimental to get wider testing and availability * debian/logging.properties: Add commented-out non-systemd configuration * Make tomcat9 installable without systemd: - Readd logic to create the system user via adduser - Add sysvinit script, for init independence (Closes: #925473) * debian/README.Debian: Document non-systemd risks * Do not read /etc/default/tomcat9 twice -- Thorsten Glaser <email address hidden> Fri, 21 Jun 2019 18:38:08 +0200
tomcat9 (9.0.16-4) unstable; urgency=medium * Team upload. [ Emmanuel Bourg ] * Fixed CVE-2019-0221: The SSI printenv command echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default (Closes: #929895) [ Thorsten Glaser ] * Remove -XX:+UseG1GC from standard JAVA_OPTS; the JRE chooses a suitable GC automatically anyway (Closes: #925928) * Correct the ownership and permissions on the log directory: group adm and setgid (Closes: #925929) * Make the startup script honour the (renamed) $SECURITY_MANAGER * debian/libexec/tomcat-locate-java.sh: Remove shebang and make not executable as this is only ever sourced (makes no sense otherwise) [ Christian Hänsel ] * Restored the variable expansion in /etc/default/tomcat9 (Closes: #926319) -- Emmanuel Bourg <email address hidden> Thu, 13 Jun 2019 23:26:12 +0200
Available diffs
- diff from 9.0.16-3 to 9.0.16-4 (2.3 KiB)
tomcat9 (9.0.16-3) unstable; urgency=medium * Removed read/write access to /var/lib/solr (Closes: #923299) * Removed the broken catalina-ws.jar and catalina-jmx-remote.jar symlinks in /usr/share/tomcat9/lib/ -- Emmanuel Bourg <email address hidden> Tue, 26 Feb 2019 09:31:13 +0100
Available diffs
- diff from 9.0.16-2 to 9.0.16-3 (640 bytes)
tomcat9 (9.0.16-2) unstable; urgency=medium * Team upload. * tomcat9.service: Permit read and write access to /var/lib/solr too. (Closes: #919638) -- Markus Koschany <email address hidden> Mon, 18 Feb 2019 20:58:51 +0100
Available diffs
- diff from 9.0.16-1 to 9.0.16-2 (473 bytes)
tomcat9 (9.0.16-1) unstable; urgency=medium * New upstream release - Refreshed the patches - Install the new Chinese, Czech, German, Korean and Portuguese translations - No longer build the extra WS and JMX jars * Standards-Version updated to 4.3.0 -- Emmanuel Bourg <email address hidden> Fri, 08 Feb 2019 08:26:48 +0100
Available diffs
- diff from 9.0.14-1 to 9.0.16-1 (470.9 KiB)
tomcat9 (9.0.14-1) unstable; urgency=medium * New upstream release - Refreshed the patches * Create the /var/log/tomcat9/ and /var/cache/tomcat9/ directories at install time (Closes: #915791) * Tightened the dependency on systemd -- Emmanuel Bourg <email address hidden> Wed, 12 Dec 2018 13:45:52 +0100
Available diffs
- diff from 9.0.13-2 to 9.0.14-1 (441.7 KiB)
tomcat9 (9.0.13-2) unstable; urgency=medium * Install the tomcat-embed-* artifacts with the 9.x version (Closes: #915578) * Modified the dependencies required for creating the tomcat user (adduser is replaced by systemd) (Closes: #915586) * Fixed the tomcat-jasper pom to reference the ECJ dependency from libeclipse-jdt-core-java * Removed the redundant ReadWritePaths options in the service file for the log and cache directories (Thanks to Lennart Poettering for the suggestion) -- Emmanuel Bourg <email address hidden> Wed, 05 Dec 2018 10:04:52 +0100
Available diffs
- diff from 9.0.13-1 to 9.0.13-2 (945 bytes)
tomcat9 (9.0.13-1) unstable; urgency=medium * New upstream release - Refreshed the patches - Renamed the package to tomcat9 - Removed the libservlet3.1-java package. From now on the Servlet API is packaged in a separate package independent from Tomcat. - Depend on libeclipse-jdt-core-java (>= 3.14.0) instead of libecj-java - Updated the policy files in /etc/tomcat8/policy.d/ - Use the OSGi metadata generated by the upstream build - Deploy the Tomcat artifacts in the Maven repository with the 9.x version - Updated the README file * Removed the SysV init script * Restart the server automatically on failures * Use a fixed non-configurable user 'tomcat' to run the server * Removed the debconf integration. The user being now unmodifiable, the remaining configuration parameter JAVA_OPTS can be edited in /etc/default/tomcat9 * No longer add the 'common', 'server' and 'shared' directories under CATALINA_HOME and CATALINA_BASE to the classpath. Extra jar files should go to the 'lib' directory. * Let Tomcat handle the rotation of its log files with the maxDays parameter of the valves and log handlers instead of relying on a cron job * Renamed the TOMCAT_SECURITY parameter to SECURITY_MANAGER in the service configuration file * Simplified the postinst script by using systemd-sysusers to create the 'tomcat' user * No longer create the /etc/tomcat9/Catalina/localhost directory at install time and let Tomcat create it automatically * Let systemd automatically create /var/log/tomcat9 and /var/cache/tomcat9 * Prevent Tomcat from writing outside of /var/log/tomcat9, /var/cache/tomcat9, /var/lib/tomcat9/webapps and /etc/tomcat9/Catalina by default. This can be overridden (see the README file). * Build and install the extra jar catalina-ws.jar * No longer recommend libcommons-pool-java and libcommons-dbcp-java since Tomcat already embeds its own version of these libraries * Support three-way merge when upgrading the configuration files * Use the G1 garbage collector by default instead of Concurrent Mark Sweep * The setenv.sh script in tomcat9-user and the service startup script now share the same JDK detection logic -- Emmanuel Bourg <email address hidden> Wed, 28 Nov 2018 15:06:00 +0100
1 → 49 of 49 results | First • Previous • Next • Last |