java-packages/tomcat11
SHA256
7
0
Fork 2
forked from pool/tomcat11
Code Pull Requests Activity

Update to Tomcat 11.0.18 #5

Merged
fstrba merged 1 commits from rmestre/tomcat11:update_tomcat_11_0_18_factory into main 2026-03-06 19:50:12 +01:00
Conversation 1 Commits 1 Files Changed 6 +203 -20
rmestre commented 2026-03-06 14:38:38 +01:00
Contributor
Copy Link

This PR updates tomcat11 package to v11.0.18

Critical changes:

  • Fixed CVEs:
    • CVE-2025-66614: client certificate verification bypass due to virtual
      host mapping (bsc#1258371)
    • CVE-2026-24733: improper input validation on HTTP/0.9 requests
      (bsc#1258385)
    • CVE-2026-24734: certificate revocation bypass due to incomplete OCSP
      verification checks (bsc#1258387)
This PR updates tomcat11 package to v11.0.18 Critical changes: * Fixed CVEs: + CVE-2025-66614: client certificate verification bypass due to virtual host mapping (bsc#1258371) + CVE-2026-24733: improper input validation on HTTP/0.9 requests (bsc#1258385) + CVE-2026-24734: certificate revocation bypass due to incomplete OCSP verification checks (bsc#1258387)
rmestre added 1 commit 2026-03-06 14:38:38 +01:00
Update to Tomcat 11.0.18 7f21f8b43a
rmestre requested review from fstrba 2026-03-06 15:27:09 +01:00
fstrba approved these changes 2026-03-06 19:43:44 +01:00
fstrba left a comment
Owner
Copy Link

LGTM

LGTM
fstrba merged commit 7f21f8b43a into main 2026-03-06 19:50:12 +01:00
fstrba referenced this issue from a commit 2026-03-06 19:57:15 +01:00
auto-created for tomcat11
Sign in to join this conversation.
Reviewers
No Reviewers
fstrba
Labels
No items
No Label
Milestone
No items
No Milestone
Assignees
Clear assignees
adamm adamm_super autogits-devel fstrba j_renner pmonrealgonzalez
No Assignees
2 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: java-packages/tomcat11#5
Delete Branch "rmestre/tomcat11:update_tomcat_11_0_18_factory"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?