Copied from
debian sid in
Primary Archive for Debian GNU/Linux
Changelog
tomcat9 (9.0.43-3) unstable; urgency=medium
* Team upload.
* CVE-2021-30640: Fix NullPointerException.
If no userRoleAttribute is specified in the user's Realm configuration its
default value will be null. This will cause a NPE in the methods
doFilterEscaping and doAttributeValueEscaping. This is upstream bug
https://bz.apache.org/bugzilla/show_bug.cgi?id=65308
-- Markus Koschany <email address hidden> Tue, 10 Aug 2021 17:17:56 +0200