Overview
Request 1139643 accepted
- Update to Tomcat 10.1.18
* Fixed CVEs:
+ CVE-2023-46589: Apache Tomcat: HTTP request smuggling due to
incorrect headers parsing (bsc#1217649)
* Catalina
+ Update: 68378: Align extension to MIME type mappings in the
global web.xml with those in httpd by adding
application/vnd.geogebra.slides for ggs, text/javascript for mjs
and audio/ogg for opus. (markt)
+ Fix: Background processes should not be run concurrently with
lifecycle operations of a container. (remm)
+ Fix: Correct unintended escaping of XML in some WebDAV
responses. The XML list of support locks when provided in
response to a PROPFIND request was incorrectly XML escaped.
(markt)
+ Fix: 68227: Ensure that AsyncListener.onComplete() is called
if AsyncListener.onError() calls AsyncContext.dispatch().
(markt)
+ Fix: 68228: Use a 408 status code if a read timeout occurs
during HTTP request processing. Includes a test case based on
code provided by adwsingh. (markt)
+ Fix: 67667: TLSCertificateReloadListener prints unreadable
rendering of X509Certificate#getNotAfter(). (michaelo)
+ Update: The status servlet included in the manager webapp
can now output statistics as JSON, using the JSON=true URL
parameter. (remm)
+ Update: Optionally allow ServiceBindingPropertySource to
trim a trailing newline from a file containing a
property-value. (schultz)
+ Fix: 67793: Ensure the original session timeout is restored
- Created by mbussolotto
- In state accepted
- Supersedes 1139529
Request History
mbussolotto created request
- Update to Tomcat 10.1.18
* Fixed CVEs:
+ CVE-2023-46589: Apache Tomcat: HTTP request smuggling due to
incorrect headers parsing (bsc#1217649)
* Catalina
+ Update: 68378: Align extension to MIME type mappings in the
global web.xml with those in httpd by adding
application/vnd.geogebra.slides for ggs, text/javascript for mjs
and audio/ogg for opus. (markt)
+ Fix: Background processes should not be run concurrently with
lifecycle operations of a container. (remm)
+ Fix: Correct unintended escaping of XML in some WebDAV
responses. The XML list of support locks when provided in
response to a PROPFIND request was incorrectly XML escaped.
(markt)
+ Fix: 68227: Ensure that AsyncListener.onComplete() is called
if AsyncListener.onError() calls AsyncContext.dispatch().
(markt)
+ Fix: 68228: Use a 408 status code if a read timeout occurs
during HTTP request processing. Includes a test case based on
code provided by adwsingh. (markt)
+ Fix: 67667: TLSCertificateReloadListener prints unreadable
rendering of X509Certificate#getNotAfter(). (michaelo)
+ Update: The status servlet included in the manager webapp
can now output statistics as JSON, using the JSON=true URL
parameter. (remm)
+ Update: Optionally allow ServiceBindingPropertySource to
trim a trailing newline from a file containing a
property-value. (schultz)
+ Fix: 67793: Ensure the original session timeout is restored
factory-auto added opensuse-review-team as a reviewer
Please review sources
factory-auto accepted review
Check script succeeded
anag+factory added as a reviewer
Being evaluated by staging project "openSUSE:Factory:Staging:adi:21"
anag+factory accepted review
Picked "openSUSE:Factory:Staging:adi:21"
dimstar accepted review
licensedigger accepted review
The legal review is accepted preliminary. The package may require actions later on.
anag+factory accepted review
Staging Project openSUSE:Factory:Staging:adi:21 got accepted.
anag+factory approved review
Staging Project openSUSE:Factory:Staging:adi:21 got accepted.
anag+factory accepted request
Staging Project openSUSE:Factory:Staging:adi:21 got accepted.
