Change log for tomcat9 package in Ubuntu

122 of 22 results
Published in groovy-release on 2020-08-18
Deleted in groovy-proposed (Reason: moved to Release)
tomcat9 (9.0.37-3) unstable; urgency=medium

  * control: Bump build-dep on bnd, drop bnd compat and re-export patches.
    (Closes: #964433)

 -- Timo Aaltonen <email address hidden>  Thu, 06 Aug 2020 18:59:11 +0300

Available diffs

Superseded in groovy-proposed on 2020-08-06
tomcat9 (9.0.37-2) unstable; urgency=medium

  * d/p/0029-fix-regression-in-bz64540.patch: Re-export util.net.jsse
    and util.modeler.modules. (Closes: #964433)

 -- Timo Aaltonen <email address hidden>  Tue, 28 Jul 2020 14:09:13 +0300

Available diffs

Superseded in groovy-proposed on 2020-07-28
tomcat9 (9.0.37-1) unstable; urgency=medium

  * New upstream release
    - Refreshed the patches
    - Fixed the compatibility with the version of bnd in Debian
  * Restored execute permission on /var/log/tomcat9 to the adm group

 -- Emmanuel Bourg <email address hidden>  Mon, 06 Jul 2020 22:39:32 +0200

Available diffs

Superseded in groovy-release on 2020-08-18
Deleted in groovy-proposed on 2020-08-19 (Reason: moved to Release)
tomcat9 (9.0.36-1) unstable; urgency=medium

  * New upstream release
    - Refreshed the patches
  * Grant write access on /var/log/tomcat9 to the adm group (LP: #1861881)

 -- Emmanuel Bourg <email address hidden>  Tue, 23 Jun 2020 11:47:47 +0200

Available diffs

Superseded in groovy-release on 2020-06-26
Deleted in groovy-proposed on 2020-06-27 (Reason: moved to Release)
tomcat9 (9.0.35-1) unstable; urgency=medium

  * New upstream release
    - Fixes CVE-2020-9484: Remote Code Execution via session persistence (Closes: #961209)
    - Refreshed the patches

 -- Emmanuel Bourg <email address hidden>  Thu, 21 May 2020 15:50:03 +0200

Available diffs

Superseded in groovy-release on 2020-05-22
Deleted in groovy-proposed on 2020-05-23 (Reason: moved to Release)
tomcat9 (9.0.34-1) unstable; urgency=medium

  * New upstream release
    - Refreshed the patches
  * Depend on libeclipse-jdt-core-java (>= 3.18.0)
  * Switch to debhelper level 12

 -- Emmanuel Bourg <email address hidden>  Mon, 27 Apr 2020 00:36:59 +0200

Available diffs

Superseded in groovy-release on 2020-04-30
Published in focal-release on 2020-02-25
Deleted in focal-proposed (Reason: moved to Release)
tomcat9 (9.0.31-1) unstable; urgency=medium

  * New upstream release
    - Fixes CVE-2019-10072: Denial of Service (Closes: #930872)
    - Fixes CVE-2019-12418: Local Privilege Escalation
    - Fixes CVE-2019-17563: Session fixation attack
    - Fixes CVE-2019-17569: HTTP Request Smuggling
    - Fixes CVE-2020-1935: HTTP Request Smuggling
    - Fixes CVE-2020-1938: AJP Request Injection (Closes: #952437)
    - Fixes CATALINA_PID handling in catalina.sh (Closes: #948553)
    - Refreshed the patches
    - Fixed the compilation with Java 11
  * Moved the RequiresMountsFor directive in the service file
    to the Unit section (Closes: #942316)
  * Tightened the dependency on systemd (Closes: #931997)
  * Standards-Version updated to 4.5.0

 -- Emmanuel Bourg <email address hidden>  Mon, 24 Feb 2020 23:37:00 +0100

Available diffs

Superseded in focal-release on 2020-02-25
Deleted in focal-proposed on 2020-02-26 (Reason: moved to Release)
tomcat9 (9.0.27-1) unstable; urgency=medium

  * New upstream release
    - Refreshed the patches
  * Standards-Version updated to 4.4.1

 -- Emmanuel Bourg <email address hidden>  Mon, 14 Oct 2019 11:31:50 +0200

Available diffs

Obsolete in disco-updates on 2020-07-14
Obsolete in disco-security on 2020-07-14
tomcat9 (9.0.16-3ubuntu0.19.04.1) disco-security; urgency=medium

  * SECURITY UPDATE: XSS attack on SSI printenv command
    - debian/patches/CVE-2019-0221.patch: escape debug output to aid
      readability
    - CVE-2019-0221
  * SECURITY UPDATE: DoS via thread exhaustion
    - debian/patches/CVE-2019-10072-1.patch: expand HTTP/2 timeout
      handling to connection window exhaustion on write.
    - debian/patches/CVE-2019-10072-2.patch: Fix test failures. Handle
      full allocation case.
    - CVE-2019-10072

 -- Emilia Torino <email address hidden>  Wed, 11 Sep 2019 14:56:27 -0300
Published in bionic-updates on 2019-09-18
Published in bionic-security on 2019-09-18
tomcat9 (9.0.16-3ubuntu0.18.04.1) bionic-security; urgency=medium

  * SECURITY UPDATE: XSS attack on SSI printenv command
    - debian/patches/CVE-2019-0221.patch: escape debug output to aid
      readability
    - CVE-2019-0221
  * SECURITY UPDATE: DoS via thread exhaustion
    - debian/patches/CVE-2019-10072-1.patch: expand HTTP/2 timeout
      handling to connection window exhaustion on write.
    - debian/patches/CVE-2019-10072-2.patch: Fix test failures. Handle
      full allocation case.
    - CVE-2019-10072

 -- Emilia Torino <email address hidden>  Wed, 11 Sep 2019 16:47:51 -0300
Superseded in focal-release on 2019-10-28
Published in eoan-release on 2019-08-23
Deleted in eoan-proposed (Reason: moved to release)
tomcat9 (9.0.24-1) unstable; urgency=medium

  * New upstream release
    - Refreshed the patches

 -- Emmanuel Bourg <email address hidden>  Thu, 22 Aug 2019 13:55:14 +0200

Available diffs

Superseded in eoan-release on 2019-08-23
Deleted in eoan-proposed on 2019-08-24 (Reason: moved to release)
tomcat9 (9.0.22-1) unstable; urgency=medium

  * New upstream release
    - Refreshed the patches
  * Track and download the new releases from GitHub
  * Standards-Version updated to 4.4.0

 -- Emmanuel Bourg <email address hidden>  Fri, 12 Jul 2019 15:01:28 +0200

Available diffs

Superseded in eoan-release on 2019-07-13
Deleted in eoan-proposed on 2019-07-14 (Reason: moved to release)
tomcat9 (9.0.16-4) unstable; urgency=medium

  * Team upload.

  [ Emmanuel Bourg ]
  * Fixed CVE-2019-0221: The SSI printenv command echoes user provided data
    without escaping and is, therefore, vulnerable to XSS. SSI is disabled
    by default (Closes: #929895)

  [ Thorsten Glaser ]
  * Remove -XX:+UseG1GC from standard JAVA_OPTS; the JRE chooses
    a suitable GC automatically anyway (Closes: #925928)
  * Correct the ownership and permissions on the log directory:
    group adm and setgid (Closes: #925929)
  * Make the startup script honour the (renamed) $SECURITY_MANAGER
  * debian/libexec/tomcat-locate-java.sh: Remove shebang and make
    not executable as this is only ever sourced (makes no sense otherwise)

  [ Christian Hänsel ]
  * Restored the variable expansion in /etc/default/tomcat9 (Closes: #926319)

 -- Emmanuel Bourg <email address hidden>  Thu, 13 Jun 2019 23:26:12 +0200

Available diffs

Obsolete in cosmic-updates on 2020-07-13
Obsolete in cosmic-security on 2020-07-13
Deleted in cosmic-proposed on 2020-07-13 (Reason: moved to -updates)
tomcat9 (9.0.16-3~18.10) cosmic; urgency=medium

  * Backport for OpenJDK 11. LP: #1817567.

Superseded in bionic-updates on 2019-09-18
Superseded in bionic-security on 2019-09-18
Deleted in bionic-proposed on 2019-09-19 (Reason: moved to -updates)
tomcat9 (9.0.16-3~18.04.1) bionic; urgency=medium

  * Don't set nologin shell in sysusers.d/tomcat9.conf
    It is the default anyway and systemd-sysusers in 18.04 can't parse it.
    (LP: #1823125)

Superseded in cosmic-proposed on 2019-04-15
Superseded in bionic-proposed on 2019-04-05
tomcat9 (9.0.16-3~18.04) bionic; urgency=medium

  * Backport for OpenJDK 11. LP: #1817567.

Superseded in eoan-release on 2019-06-15
Obsolete in disco-release on 2020-07-14
Deleted in disco-proposed on 2020-07-14 (Reason: moved to release)
tomcat9 (9.0.16-3) unstable; urgency=medium

  * Removed read/write access to /var/lib/solr (Closes: #923299)
  * Removed the broken catalina-ws.jar and catalina-jmx-remote.jar
    symlinks in /usr/share/tomcat9/lib/

 -- Emmanuel Bourg <email address hidden>  Tue, 26 Feb 2019 09:31:13 +0100

Available diffs

Superseded in disco-release on 2019-03-01
Deleted in disco-proposed on 2019-03-02 (Reason: moved to release)
tomcat9 (9.0.16-2) unstable; urgency=medium

  * Team upload.
  * tomcat9.service: Permit read and write access to /var/lib/solr too.
    (Closes: #919638)

 -- Markus Koschany <email address hidden>  Mon, 18 Feb 2019 20:58:51 +0100

Available diffs

Superseded in disco-release on 2019-02-19
Deleted in disco-proposed on 2019-02-20 (Reason: moved to release)
tomcat9 (9.0.16-1) unstable; urgency=medium

  * New upstream release
    - Refreshed the patches
    - Install the new Chinese, Czech, German, Korean and Portuguese translations
    - No longer build the extra WS and JMX jars
  * Standards-Version updated to 4.3.0

 -- Emmanuel Bourg <email address hidden>  Fri, 08 Feb 2019 08:26:48 +0100

Available diffs

Superseded in disco-release on 2019-02-08
Deleted in disco-proposed on 2019-02-09 (Reason: moved to release)
tomcat9 (9.0.14-1) unstable; urgency=medium

  * New upstream release
    - Refreshed the patches
  * Create the /var/log/tomcat9/ and /var/cache/tomcat9/ directories
    at install time (Closes: #915791)
  * Tightened the dependency on systemd

 -- Emmanuel Bourg <email address hidden>  Wed, 12 Dec 2018 13:45:52 +0100

Available diffs

Superseded in disco-release on 2018-12-13
Deleted in disco-proposed on 2018-12-15 (Reason: moved to release)
tomcat9 (9.0.13-2) unstable; urgency=medium

  * Install the tomcat-embed-* artifacts with the 9.x version (Closes: #915578)
  * Modified the dependencies required for creating the tomcat user
    (adduser is replaced by systemd) (Closes: #915586)
  * Fixed the tomcat-jasper pom to reference the ECJ dependency
    from libeclipse-jdt-core-java
  * Removed the redundant ReadWritePaths options in the service file for the log
    and cache directories (Thanks to Lennart Poettering for the suggestion)

 -- Emmanuel Bourg <email address hidden>  Wed, 05 Dec 2018 10:04:52 +0100

Available diffs

Superseded in disco-release on 2018-12-05
Deleted in disco-proposed on 2018-12-07 (Reason: moved to release)
tomcat9 (9.0.13-1) unstable; urgency=medium

  * New upstream release
    - Refreshed the patches
    - Renamed the package to tomcat9
    - Removed the libservlet3.1-java package. From now on the Servlet API
      is packaged in a separate package independent from Tomcat.
    - Depend on libeclipse-jdt-core-java (>= 3.14.0) instead of libecj-java
    - Updated the policy files in /etc/tomcat8/policy.d/
    - Use the OSGi metadata generated by the upstream build
    - Deploy the Tomcat artifacts in the Maven repository with the 9.x version
    - Updated the README file
  * Removed the SysV init script
  * Restart the server automatically on failures
  * Use a fixed non-configurable user 'tomcat' to run the server
  * Removed the debconf integration. The user being now unmodifiable,
    the remaining configuration parameter JAVA_OPTS can be edited in
    /etc/default/tomcat9
  * No longer add the 'common', 'server' and 'shared' directories under
    CATALINA_HOME and CATALINA_BASE to the classpath. Extra jar files should go
    to the 'lib' directory.
  * Let Tomcat handle the rotation of its log files with the maxDays parameter
    of the valves and log handlers instead of relying on a cron job
  * Renamed the TOMCAT_SECURITY parameter to SECURITY_MANAGER in the service
    configuration file
  * Simplified the postinst script by using systemd-sysusers to create
    the 'tomcat' user
  * No longer create the /etc/tomcat9/Catalina/localhost directory at install
    time and let Tomcat create it automatically
  * Let systemd automatically create /var/log/tomcat9 and /var/cache/tomcat9
  * Prevent Tomcat from writing outside of /var/log/tomcat9, /var/cache/tomcat9,
    /var/lib/tomcat9/webapps and /etc/tomcat9/Catalina by default. This can be
    overridden (see the README file).
  * Build and install the extra jar catalina-ws.jar
  * No longer recommend libcommons-pool-java and libcommons-dbcp-java since
    Tomcat already embeds its own version of these libraries
  * Support three-way merge when upgrading the configuration files
  * Use the G1 garbage collector by default instead of Concurrent Mark Sweep
  * The setenv.sh script in tomcat9-user and the service startup script now
    share the same JDK detection logic

 -- Emmanuel Bourg <email address hidden>  Wed, 28 Nov 2018 15:06:00 +0100
122 of 22 results