UbuntuUpdates.org

Package "libtomcat8-embed-java"

Name: libtomcat8-embed-java

Description:

Apache Tomcat 8 - Servlet and JSP engine -- embed libraries

Latest version: 8.5.39-1ubuntu1~18.04.3
Release: bionic (18.04)
Level: security
Repository: universe
Head package: tomcat8
Homepage: http://tomcat.apache.org

Links

Save this URL for the latest version of "libtomcat8-embed-java": https://www.ubuntuupdates.org/libtomcat8-embed-java


Download "libtomcat8-embed-java"


Other versions of "libtomcat8-embed-java" in Bionic

Repository Area Version
base universe 8.5.30-1ubuntu1
updates universe 8.5.39-1ubuntu1~18.04.3

Changelog

Version: 8.5.39-1ubuntu1~18.04.3 2019-09-11 18:07:07 UTC
No changelog available yet.
Source diff to previous version

Version: 8.5.39-1ubuntu1~18.04.1 2019-04-16 18:07:07 UTC

  tomcat8 (8.5.39-1ubuntu1~18.04.1) bionic; urgency=medium

  [ Matthias Klose ]
  * Backport for OpenJDK 11. LP: #1817567.
    /usr/share/doc/tomcat8/NEWS.gz. LP: #1819721.

  [ Tiago Stürmer Daitx ]
  * debian/tomcat8.service: removed, use the init.d script instead.
    LP: #1819721.
  * debian/tomcat8.init, debian/logging.properties: revert back to the
    conffiles from the previous version; this allows unattended-upgrades
    to update tomcat8 even when local changes are present.
  * debian/series: no longer apply 0023-disable-shutdown-by-socket.patch
    so server.xml conffile is unmodified from previous version.

Source diff to previous version
1819721 tomcat8 SRU for bionic uses systemd service instead of init scripts

Version: 8.5.30-1ubuntu1.4 2018-08-27 17:06:59 UTC

  tomcat8 (8.5.30-1ubuntu1.4) bionic-security; urgency=medium

  * SECURITY UPDATE:
   - CVE-2018-1336: A bug in the UTF-8 decoder can lead to DoS
   - CVE-2018-8034: host name verification missing in WebSocket client
   - CVE-2018-8037: Information Disclosure

 -- Thomas Opfer <email address hidden> Mon, 13 Aug 2018 22:23:56 +0200

Source diff to previous version
CVE-2018-1336 A bug in the UTF-8 decoder can lead to DoS
CVE-2018-8034 host name verification missing in WebSocket client
CVE-2018-8037 If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that cou

Version: 8.5.30-1ubuntu1.2 2018-05-30 21:07:48 UTC

  tomcat8 (8.5.30-1ubuntu1.2) bionic-security; urgency=medium

  * SECURITY UPDATE: CORS filter has insecure defaults
    - debian/patches/CVE-2018-8014.patch: change defaults in
      java/org/apache/catalina/filters/CorsFilter.java,
      java/org/apache/catalina/filters/LocalStrings.properties,
      test/org/apache/catalina/filters/TestCorsFilter.java,
      test/org/apache/catalina/filters/TesterFilterConfigs.java.
    - CVE-2018-8014

 -- Marc Deslauriers <email address hidden> Wed, 30 May 2018 09:37:13 -0400

CVE-2018-8014 The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are ins



About   -   Send Feedback to @ubuntu_updates