- Update to Tomcat 9.0.108 #1

mbussolotto · 2025-08-25T15:06:47+02:00

mbussolotto commented

2025-08-25 15:06:47 +02:00

Fixed CVEs:
- CVE-2025-48989: Update the HTTP/2 overhead documentation (bsc#1243895)
- Catalina
  - Fix: Fix bloom filter population for archive indexing when using a packed
    WAR containing one or more JAR files. (markt)
- Coyote
  - Fix: 69748: Add missing call to set keep-alive timeout when using
    HTTP/1.1 following an async request, which was present for AJP.
    (remm/markt)
  - Fix: 69762: Fix possible overflow during HPACK decoding of integers. Note
    that the maximum permitted value of an HPACK decoded integer is
    Integer.MAX_VALUE. (markt)
  - Fix: Update the HTTP/2 overhead documentation - particularly the code
    comments - to reflect the deprecation of the PRIORITY frame and clarify
    that a stream reset always triggers an overhead increase. (markt)
- Cluster
  - Update: Add enableStatistics configuration attribute for the DeltaManager,
    defaulting to true. (remm)
- Web applications
  - Fix: Manager and Host Manager. Provide the Manager and Host Manager web
    applications with a dedicated favicon file rather than using the one from
    the ROOT web application which might not be present or may represent
    something entirely different. Pull requests #876 and #878 by Simon Arame.
- Other
  - Update: Update Checkstyle to 10.26.1. (markt)
  - Add: Improvements to French translations. (remm)
  - Add: Improvements to Japanese translations by tak7iji. (markt)

* Fixed CVEs: + CVE-2025-48989: Update the HTTP/2 overhead documentation (bsc#1243895) * Catalina + Fix: Fix bloom filter population for archive indexing when using a packed WAR containing one or more JAR files. (markt) * Coyote + Fix: 69748: Add missing call to set keep-alive timeout when using HTTP/1.1 following an async request, which was present for AJP. (remm/markt) + Fix: 69762: Fix possible overflow during HPACK decoding of integers. Note that the maximum permitted value of an HPACK decoded integer is Integer.MAX_VALUE. (markt) + Fix: Update the HTTP/2 overhead documentation - particularly the code comments - to reflect the deprecation of the PRIORITY frame and clarify that a stream reset always triggers an overhead increase. (markt) * Cluster + Update: Add enableStatistics configuration attribute for the DeltaManager, defaulting to true. (remm) * Web applications + Fix: Manager and Host Manager. Provide the Manager and Host Manager web applications with a dedicated favicon file rather than using the one from the ROOT web application which might not be present or may represent something entirely different. Pull requests #876 and #878 by Simon Arame. * Other + Update: Update Checkstyle to 10.26.1. (markt) + Add: Improvements to French translations. (remm) + Add: Improvements to Japanese translations by tak7iji. (markt)

mbussolotto added 1 commit 2025-08-25 15:06:47 +02:00

Update to Tomcat 9.0.108 a076043ab2

autogits-devel referenced this issue from a commit

2025-08-25 15:06:53 +02:00

auto-created for tomcat

autogits-devel requested review from adamm 2025-08-25 15:07:00 +02:00

autogits-devel requested review from fstrba 2025-08-25 15:07:07 +02:00

autogits-devel requested review from gkenion 2025-08-25 15:07:15 +02:00

autogits-devel requested review from j_renner 2025-08-25 15:07:16 +02:00

autogits-devel requested review from pmonrealgonzalez 2025-08-25 15:07:16 +02:00

fstrba merged commit a076043ab2 into main

2025-08-25 15:15:33 +02:00