Changelog
tomcat9 (9.0.16-4) unstable; urgency=medium
* Team upload.
[ Emmanuel Bourg ]
* Fixed CVE-2019-0221: The SSI printenv command echoes user provided data
without escaping and is, therefore, vulnerable to XSS. SSI is disabled
by default (Closes: #929895)
[ Thorsten Glaser ]
* Remove -XX:+UseG1GC from standard JAVA_OPTS; the JRE chooses
a suitable GC automatically anyway (Closes: #925928)
* Correct the ownership and permissions on the log directory:
group adm and setgid (Closes: #925929)
* Make the startup script honour the (renamed) $SECURITY_MANAGER
* debian/libexec/tomcat-locate-java.sh: Remove shebang and make
not executable as this is only ever sourced (makes no sense otherwise)
[ Christian Hänsel ]
* Restored the variable expansion in /etc/default/tomcat9 (Closes: #926319)
-- Emmanuel Bourg <email address hidden> Thu, 13 Jun 2019 23:26:12 +0200