diff --git a/apache-tomcat-10.1.14-src.tar.gz b/apache-tomcat-10.1.14-src.tar.gz
deleted file mode 100644
index 00309b4..0000000
--- a/apache-tomcat-10.1.14-src.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:029ef4076e5175a5ec2ce7dda191f2e2d6add0dd6c1366078e6ed7292dace80e
-size 6131823
diff --git a/apache-tomcat-10.1.14-src.tar.gz.asc b/apache-tomcat-10.1.14-src.tar.gz.asc
deleted file mode 100644
index f122786..0000000
--- a/apache-tomcat-10.1.14-src.tar.gz.asc
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAmUkebcACgkQHPApP6U8
-pFjGnBAAmA3QdkA/45KMJAHT5QADESvPXomHvHvG+iHJHfcgJJ//iBfY9f7FxLxw
-yrcRZcU8BUhw032DkL+R2UMVxnE+4z4MAFXYS+2X1WP6neGdAYl9Qx+3Q45h78Sj
-6/LYmYGiqFkkt7XM2Zh1Clw0EH93iSi+GAoXnuTtyPdJ4f7iBqG21kMErUu+iRKt
-591imA8NWiYL5q1+PiOMpElWsj142oefjCgM0xttWwLZoAQ5jcyyFYJ5B/kEuDbP
-trQpHUCTBA/0ltImYMaaHvLh//tiEj31EzLvU/+ofH8WoAEuV30kfHTSISLs5PEM
-h5wZel7KMBaOXPeEkHySHTC0hQ0+GbqV1utwkht6kLE2+LaPe/8G9McoEQr9sFFD
-8adgJH9DeDCJUjispTMF4UoJLCsHPL6UgEjcXFll9pEXADndWiX0cvt8t///Ej1+
-qwOzfCz0DJpfd5XAfLx+t8y66nf3EDvFMPuwXBtgaSzonW6TOHFcQu/P1Fzr95s8
-spWomzmETLJ9xos8g7gZYH5OA9zqrdrBhauBibWmdARAND26sQAYJvwbPXnEyre/
-rbtcWcPgvFeuHfjzo0CX02rhBbMKqmk62Nd9hK0O5/pFM9lOJoRwrgImmyIRAJUQ
-hohDjWTlPhtjc9bIlyLjCXEkIpno6YXMtzDoVam1rDsKS2Ggm5s=
-=/3mT
------END PGP SIGNATURE-----
diff --git a/apache-tomcat-10.1.16-src.tar.gz b/apache-tomcat-10.1.16-src.tar.gz
deleted file mode 100644
index 6ec2e96..0000000
--- a/apache-tomcat-10.1.16-src.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e676c0b964d5c27e02c668839940ce6510bebf6797a2d012652990de47a32967
-size 6148509
diff --git a/apache-tomcat-10.1.16-src.tar.gz.asc b/apache-tomcat-10.1.16-src.tar.gz.asc
deleted file mode 100644
index 423185d..0000000
--- a/apache-tomcat-10.1.16-src.tar.gz.asc
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAmVOWdQACgkQHPApP6U8
-pFhGlw//TWZrcrXHUZOR7WEeH3PNJxcqkz1mvyX6dpEILvhoc5F6rWiiVIF+IQWH
-COURprtCc2gY9o6HQn+FpB5nkULh99t1RbrmcsC/J0KwZ2JEz9iZTT9XLwUGapMf
-Jef9uSMjKoAH+6vT3CzspSKlBb6f4vFLLNM6VtPUAXxw5ssXUZG+WwzEFq9a6zKr
-jNCNehQ6BmT/IeV3YXJ+DCoYeb0Yi/ehnX4gB8MlmB111dhQzuBveuzgWBZKr3Rp
-oJrP6/P04pY6YtKbjwHSlZyUYvWeGnvjXY4H2NoD9hDEEOFuNHCnAugjiwls/+jB
-3PPMoG+BNGoRQ5F5Yo8ZoeNmRLCDDtCdM+oWlpbkDJh9GeEU2ym7puFmDp9GTnH1
-ltUKJp9uPOBu624oLSzSYzFWcrdH3h+gHO0uRdoYE15FCpxSlHT6ooy5QRH0yHw0
-sBugFplZ4gkT4i/pzsFhPCW46f7Rcu6hv7SOJw54kdAbKuQPc9W7eMIHHCBupFdY
-mTJQljPHVwR1JGi7sRc7U4iWezvUVEbW0Hi58a42KSjIoQd6QYPqcMVF87g1bLGT
-XFedyhTNBf2yqV4hSstYWd9VlrwCjgUR9zZ/9itihC589ldAdsl68kW5SzmpzKxa
-3tbQGPD2pPnS0D1dpZANjhgdQxekqUAkXsOiEJhDn6XSlyv7ibY=
-=nadB
------END PGP SIGNATURE-----
diff --git a/apache-tomcat-10.1.18-src.tar.gz b/apache-tomcat-10.1.18-src.tar.gz
new file mode 100644
index 0000000..19dba99
--- /dev/null
+++ b/apache-tomcat-10.1.18-src.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:cd7cdd2ae143271893e486d6b809c69e4615c556bc9f9e2ebf186c409685545e
+size 6166424
diff --git a/apache-tomcat-10.1.18-src.tar.gz.asc b/apache-tomcat-10.1.18-src.tar.gz.asc
new file mode 100644
index 0000000..c54ad21
--- /dev/null
+++ b/apache-tomcat-10.1.18-src.tar.gz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAmWYGCoACgkQHPApP6U8
+pFgFuhAAuP0n+aPDB9AokSY4TQfRNZuJRRof9IjWZENwsCN+/8s0vejBLtuyRrfR
+IFbE8DqdOFWZQTbuAWP4YtvBtXxTkwnNnkldhveABDOV63Fv5GyPtMHj2b2O1lay
+LS6v40oy4816/l9muBY8w0bdUp7QHF/bvftGkvAw3ukqYDpNYs2zjP+Zvf1rNelV
+Y9pXKoxfTe9JXKiggYHU/PuWEYsKvnBTos/lwJeNwr9yHo5lsOE2CQh4ix6O8OSP
+YhmW+XrJTWhpFJiX99iN3lKFBJ0ZkTK//MaYOhvlF8JEAClbl9AMZtwkTu0z/yTN
+jdUOMXB9mcABCHxibbEnSNEC1fTThvChvXFZxRfWlgdQr3PHGH6ncJKc9o3wNN1K
+VKp45dsuvYRWGwwBN+D//U7GaWAkFGH1Tuk5WYgmd42c7fkPEoQ0m8eomWyoOdcN
+OvtzypufTsrGM/Up7szgBOhCM7izy1t3qBQ+Zey5PHYiN8/astYtKbvb7XHaAP6O
+/RrB4JV6euvgRgf4RBLHJmwWkPEzBysL1GEhJez5JjxCQNijS+9zmWwHPmjTcp+v
+HVhG3AftBme3df2LR0AMzgfsQZsIiLdgcSrLqwmhl2N3rxZ2U5cRO/eyaMgia/Kw
+atGk0QMZYwKH/EB41r5EiNtG0BIuRIq4a7Ssb1y0YpJQWvc89wc=
+=pryG
+-----END PGP SIGNATURE-----
diff --git a/tomcat-10-CVE-2023-46589.patch b/tomcat-10-CVE-2023-46589.patch
deleted file mode 100644
index 04f256b..0000000
--- a/tomcat-10-CVE-2023-46589.patch
+++ /dev/null
@@ -1,307 +0,0 @@
-Index: apache-tomcat-10.1.14-src/java/org/apache/catalina/connector/BadRequestException.java
-===================================================================
---- /dev/null
-+++ apache-tomcat-10.1.14-src/java/org/apache/catalina/connector/BadRequestException.java
-@@ -0,0 +1,68 @@
-+/*
-+ * Licensed to the Apache Software Foundation (ASF) under one or more
-+ * contributor license agreements. See the NOTICE file distributed with
-+ * this work for additional information regarding copyright ownership.
-+ * The ASF licenses this file to You under the Apache License, Version 2.0
-+ * (the "License"); you may not use this file except in compliance with
-+ * the License. You may obtain a copy of the License at
-+ *
-+ * http://www.apache.org/licenses/LICENSE-2.0
-+ *
-+ * Unless required by applicable law or agreed to in writing, software
-+ * distributed under the License is distributed on an "AS IS" BASIS,
-+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-+ * See the License for the specific language governing permissions and
-+ * limitations under the License.
-+ */
-+package org.apache.catalina.connector;
-+
-+import java.io.IOException;
-+
-+/**
-+ * Extend IOException to identify it as being caused by a bad request from a remote client.
-+ */
-+public class BadRequestException extends IOException {
-+
-+ private static final long serialVersionUID = 1L;
-+
-+
-+ // ------------------------------------------------------------ Constructors
-+
-+ /**
-+ * Construct a new BadRequestException with no other information.
-+ */
-+ public BadRequestException() {
-+ super();
-+ }
-+
-+
-+ /**
-+ * Construct a new BadRequestException for the specified message.
-+ *
-+ * @param message Message describing this exception
-+ */
-+ public BadRequestException(String message) {
-+ super(message);
-+ }
-+
-+
-+ /**
-+ * Construct a new BadRequestException for the specified throwable.
-+ *
-+ * @param throwable Throwable that caused this exception
-+ */
-+ public BadRequestException(Throwable throwable) {
-+ super(throwable);
-+ }
-+
-+
-+ /**
-+ * Construct a new BadRequestException for the specified message and throwable.
-+ *
-+ * @param message Message describing this exception
-+ * @param throwable Throwable that caused this exception
-+ */
-+ public BadRequestException(String message, Throwable throwable) {
-+ super(message, throwable);
-+ }
-+}
-Index: apache-tomcat-10.1.14-src/java/org/apache/catalina/connector/ClientAbortException.java
-===================================================================
---- apache-tomcat-10.1.14-src.orig/java/org/apache/catalina/connector/ClientAbortException.java
-+++ apache-tomcat-10.1.14-src/java/org/apache/catalina/connector/ClientAbortException.java
-@@ -16,14 +16,12 @@
- */
- package org.apache.catalina.connector;
-
--import java.io.IOException;
--
- /**
- * Extend IOException to identify it as being caused by an abort of a request by a remote client.
- *
- * @author Glenn L. Nielsen
- */
--public final class ClientAbortException extends IOException {
-+public final class ClientAbortException extends BadRequestException {
-
- private static final long serialVersionUID = 1L;
-
-Index: apache-tomcat-10.1.14-src/java/org/apache/catalina/connector/InputBuffer.java
-===================================================================
---- apache-tomcat-10.1.14-src.orig/java/org/apache/catalina/connector/InputBuffer.java
-+++ apache-tomcat-10.1.14-src/java/org/apache/catalina/connector/InputBuffer.java
-@@ -29,6 +29,7 @@ import java.util.Map;
- import java.util.concurrent.ConcurrentHashMap;
-
- import jakarta.servlet.ReadListener;
-+import jakarta.servlet.RequestDispatcher;
-
- import org.apache.catalina.security.SecurityUtil;
- import org.apache.coyote.ActionCode;
-@@ -307,10 +308,24 @@ public class InputBuffer extends Reader
-
- try {
- return coyoteRequest.doRead(this);
-+ } catch (BadRequestException bre) {
-+ // Set flag used by asynchronous processing to detect errors on non-container threads
-+ coyoteRequest.setErrorException(bre);
-+ // In synchronous processing, this exception may be swallowed by the application so set error flags here.
-+ coyoteRequest.setAttribute(RequestDispatcher.ERROR_EXCEPTION, bre);
-+ coyoteRequest.getResponse().setStatus(400);
-+ coyoteRequest.getResponse().setError();
-+ // Make the exception visible to the application
-+ throw bre;
- } catch (IOException ioe) {
-+ // Set flag used by asynchronous processing to detect errors on non-container threads
- coyoteRequest.setErrorException(ioe);
-- // An IOException on a read is almost always due to
-- // the remote client aborting the request.
-+ // In synchronous processing, this exception may be swallowed by the application so set error flags here.
-+ coyoteRequest.setAttribute(RequestDispatcher.ERROR_EXCEPTION, ioe);
-+ coyoteRequest.getResponse().setStatus(400);
-+ coyoteRequest.getResponse().setError();
-+ // Any other IOException on a read is almost always due to the remote client aborting the request.
-+ // Make the exception visible to the application
- throw new ClientAbortException(ioe);
- }
- }
-Index: apache-tomcat-10.1.14-src/java/org/apache/catalina/core/ApplicationDispatcher.java
-===================================================================
---- apache-tomcat-10.1.14-src.orig/java/org/apache/catalina/core/ApplicationDispatcher.java
-+++ apache-tomcat-10.1.14-src/java/org/apache/catalina/core/ApplicationDispatcher.java
-@@ -41,7 +41,7 @@ import org.apache.catalina.AsyncDispatch
- import org.apache.catalina.Context;
- import org.apache.catalina.Globals;
- import org.apache.catalina.Wrapper;
--import org.apache.catalina.connector.ClientAbortException;
-+import org.apache.catalina.connector.BadRequestException;
- import org.apache.catalina.connector.Request;
- import org.apache.catalina.connector.RequestFacade;
- import org.apache.catalina.connector.Response;
-@@ -642,7 +642,7 @@ final class ApplicationDispatcher implem
- filterChain.doFilter(request, response);
- }
- // Servlet Service Method is called by the FilterChain
-- } catch (ClientAbortException e) {
-+ } catch (BadRequestException e) {
- ioException = e;
- } catch (IOException e) {
- wrapper.getLogger().error(sm.getString("applicationDispatcher.serviceException", wrapper.getName()), e);
-@@ -653,7 +653,7 @@ final class ApplicationDispatcher implem
- wrapper.unavailable(e);
- } catch (ServletException e) {
- Throwable rootCause = StandardWrapper.getRootCause(e);
-- if (!(rootCause instanceof ClientAbortException)) {
-+ if (!(rootCause instanceof BadRequestException)) {
- wrapper.getLogger().error(sm.getString("applicationDispatcher.serviceException", wrapper.getName()),
- rootCause);
- }
-Index: apache-tomcat-10.1.14-src/java/org/apache/catalina/core/StandardWrapperValve.java
-===================================================================
---- apache-tomcat-10.1.14-src.orig/java/org/apache/catalina/core/StandardWrapperValve.java
-+++ apache-tomcat-10.1.14-src/java/org/apache/catalina/core/StandardWrapperValve.java
-@@ -32,7 +32,7 @@ import org.apache.catalina.Container;
- import org.apache.catalina.Context;
- import org.apache.catalina.Globals;
- import org.apache.catalina.LifecycleException;
--import org.apache.catalina.connector.ClientAbortException;
-+import org.apache.catalina.connector.BadRequestException;
- import org.apache.catalina.connector.Request;
- import org.apache.catalina.connector.Response;
- import org.apache.catalina.valves.ValveBase;
-@@ -169,7 +169,7 @@ final class StandardWrapperValve extends
- }
-
- }
-- } catch (ClientAbortException | CloseNowException e) {
-+ } catch (BadRequestException | CloseNowException e) {
- if (container.getLogger().isDebugEnabled()) {
- container.getLogger().debug(
- sm.getString("standardWrapper.serviceException", wrapper.getName(), context.getName()), e);
-@@ -190,7 +190,7 @@ final class StandardWrapperValve extends
- // do not want to do exception(request, response, e) processing
- } catch (ServletException e) {
- Throwable rootCause = StandardWrapper.getRootCause(e);
-- if (!(rootCause instanceof ClientAbortException)) {
-+ if (!(rootCause instanceof BadRequestException)) {
- container.getLogger().error(sm.getString("standardWrapper.serviceExceptionRoot", wrapper.getName(),
- context.getName(), e.getMessage()), rootCause);
- }
-Index: apache-tomcat-10.1.14-src/test/org/apache/coyote/http11/filters/TestChunkedInputFilter.java
-===================================================================
---- apache-tomcat-10.1.14-src.orig/test/org/apache/coyote/http11/filters/TestChunkedInputFilter.java
-+++ apache-tomcat-10.1.14-src/test/org/apache/coyote/http11/filters/TestChunkedInputFilter.java
-@@ -428,6 +428,83 @@ public class TestChunkedInputFilter exte
- }
- }
-
-+
-+ @Test
-+ public void testTrailerHeaderNameNotTokenThrowException() throws Exception {
-+ doTestTrailerHeaderNameNotToken(false);
-+ }
-+
-+ @Test
-+ public void testTrailerHeaderNameNotTokenSwallowException() throws Exception {
-+ doTestTrailerHeaderNameNotToken(true);
-+ }
-+
-+ private void doTestTrailerHeaderNameNotToken(boolean swallowException) throws Exception {
-+
-+ // Setup Tomcat instance
-+ Tomcat tomcat = getTomcatInstance();
-+
-+ // No file system docBase required
-+ Context ctx = tomcat.addContext("", null);
-+
-+ Tomcat.addServlet(ctx, "servlet", new SwallowBodyServlet(swallowException));
-+ ctx.addServletMappingDecoded("/", "servlet");
-+
-+ tomcat.start();
-+
-+ String[] request = new String[]{
-+ "POST / HTTP/1.1" + SimpleHttpClient.CRLF +
-+ "Host: localhost" + SimpleHttpClient.CRLF +
-+ "Transfer-encoding: chunked" + SimpleHttpClient.CRLF +
-+ "Content-Type: application/x-www-form-urlencoded" + SimpleHttpClient.CRLF +
-+ "Connection: close" + SimpleHttpClient.CRLF +
-+ SimpleHttpClient.CRLF +
-+ "3" + SimpleHttpClient.CRLF +
-+ "a=0" + SimpleHttpClient.CRLF +
-+ "4" + SimpleHttpClient.CRLF +
-+ "&b=1" + SimpleHttpClient.CRLF +
-+ "0" + SimpleHttpClient.CRLF +
-+ "x@trailer: Test" + SimpleHttpClient.CRLF +
-+ SimpleHttpClient.CRLF };
-+
-+ TrailerClient client = new TrailerClient(tomcat.getConnector().getLocalPort());
-+ client.setRequest(request);
-+
-+ client.connect();
-+ client.processRequest();
-+ // Expected to fail because of invalid trailer header name
-+ Assert.assertTrue(client.getResponseLine(), client.isResponse400());
-+ }
-+
-+ private static class SwallowBodyServlet extends HttpServlet {
-+ private static final long serialVersionUID = 1L;
-+
-+ private final boolean swallowException;
-+
-+ SwallowBodyServlet(boolean swallowException) {
-+ this.swallowException = swallowException;
-+ }
-+
-+ @Override
-+ protected void doPost(HttpServletRequest req, HttpServletResponse resp)
-+ throws ServletException, IOException {
-+ resp.setContentType("text/plain");
-+ PrintWriter pw = resp.getWriter();
-+
-+ // Read the body
-+ InputStream is = req.getInputStream();
-+ try {
-+ while (is.read() > -1) {
-+ }
-+ pw.write("OK");
-+ } catch (IOException ioe) {
-+ if (!swallowException) {
-+ throw ioe;
-+ }
-+ }
-+ }
-+ }
-+
- private static class EchoHeaderServlet extends HttpServlet {
- private static final long serialVersionUID = 1L;
-
-Index: apache-tomcat-10.1.14-src/webapps/docs/changelog.xml
-===================================================================
---- apache-tomcat-10.1.14-src.orig/webapps/docs/changelog.xml
-+++ apache-tomcat-10.1.14-src/webapps/docs/changelog.xml
-@@ -129,6 +129,11 @@
- Improve handling of failures within recycle() methods.
- (markt)
-
-+
-+ Ensure that an IOException during the reading of the
-+ request triggers always error handling, regardless of whether the
-+ application swallows the exception. (markt)
-+
-
-
-
-@@ -170,7 +175,7 @@
-
- Improvements to HTTP/2 overhead protection. (markt)
-
--
-+d
-
-
-
diff --git a/java11.patch b/tomcat-10.0-build-with-java-11.patch
similarity index 60%
rename from java11.patch
rename to tomcat-10.0-build-with-java-11.patch
index 28f2061..0f07d99 100644
--- a/java11.patch
+++ b/tomcat-10.0-build-with-java-11.patch
@@ -1,7 +1,8 @@
-diff -urEbwB apache-tomcat-10.1.16-src.orig/build.xml apache-tomcat-10.1.16-src/build.xml
---- apache-tomcat-10.1.16-src.orig/build.xml 2024-01-17 17:25:04.525014965 +0100
-+++ apache-tomcat-10.1.16-src/build.xml 2024-01-17 17:25:34.891882458 +0100
-@@ -107,7 +107,7 @@
+Index: apache-tomcat-10.1.18-src/build.xml
+===================================================================
+--- apache-tomcat-10.1.18-src.orig/build.xml
++++ apache-tomcat-10.1.18-src/build.xml
+@@ -108,7 +108,7 @@
diff --git a/tomcat10.changes b/tomcat10.changes
index 28d6489..73ef7ac 100644
--- a/tomcat10.changes
+++ b/tomcat10.changes
@@ -1,18 +1,150 @@
+-------------------------------------------------------------------
+Wed Jan 17 15:59:25 UTC 2024 - Michele Bussolotto
+
+- Update to Tomcat 10.1.18
+ * Fixed CVEs:
+ + CVE-2023-46589: Apache Tomcat: HTTP request smuggling due to
+ incorrect headers parsing (bsc#1217649)
+ * Catalina
+ + Update: 68378: Align extension to MIME type mappings in the
+ global web.xml with those in httpd by adding
+ application/vnd.geogebra.slides for ggs, text/javascript for mjs
+ and audio/ogg for opus. (markt)
+ + Fix: Background processes should not be run concurrently with
+ lifecycle operations of a container. (remm)
+ + Fix: Correct unintended escaping of XML in some WebDAV
+ responses. The XML list of support locks when provided in
+ response to a PROPFIND request was incorrectly XML escaped.
+ (markt)
+ + Fix: 68227: Ensure that AsyncListener.onComplete() is called
+ if AsyncListener.onError() calls AsyncContext.dispatch().
+ (markt)
+ + Fix: 68228: Use a 408 status code if a read timeout occurs
+ during HTTP request processing. Includes a test case based on
+ code provided by adwsingh. (markt)
+ + Fix: 67667: TLSCertificateReloadListener prints unreadable
+ rendering of X509Certificate#getNotAfter(). (michaelo)
+ + Update: The status servlet included in the manager webapp
+ can now output statistics as JSON, using the JSON=true URL
+ parameter. (remm)
+ + Update: Optionally allow ServiceBindingPropertySource to
+ trim a trailing newline from a file containing a
+ property-value. (schultz)
+ + Fix: 67793: Ensure the original session timeout is restored
+ after FORM authentication if the user refreshes a page during
+ the FORM authentication process. Based on a suggestion by
+ Mircea Butmalai. (markt)
+ + Update: 67926: PEMFile prints unidentifiable string
+ representation of ASN.1 OIDs. (michaelo)
+ + Fix: 66875: Ensure that setting the request attribute
+ jakarta.servlet.error.exception is not sufficient to trigger
+ error handling for the current request and response. (markt)
+ + Fix: 68054: Avoid some file canonicalization calls
+ introduced by the fix for 65433. (remm)
+ + Fix: 68089: Improve performance of request attribute access
+ for ApplicationHttpRequest and ApplicationRequest. (markt)
+ + Fix: Use a 400 status code to report an error due to a bad
+ request (e.g. an invalid trailer header) rather than a 500
+ status code. (markt)
+ + Fix: Ensure that an IOException during the reading of the
+ request triggers always error handling, regardless of whether
+ the application swallows the exception. (markt)
+ * Coyote
+ + Fix: Refactor the VirtualThreadExecutor so that it can be
+ used by the NIO2 connector which was using platform threads
+ even when configured to use virtual threads. (markt)
+ + Fix: Correct a regression in the fix for 67675 that broke
+ TLS key file parsing for PKCS#8 format keys that do not specify
+ an explicit pseudo-random function and rely on the default.
+ This typically affects keys generated by OpenSSL 1.0.2.
+ (markt)
+ + Fix: Allow multiple operations with the same name on
+ introspected mbeans, fixing a regression caused by the
+ introduction of a second addSslHostConfig method. (remm)
+ + Fix: Relax the check that the HTTP Host header is consistent
+ with the host used in the request line, if any, to make the
+ check case insensitive since host names are case insensitive.
+ (markt)
+ + Add: 68348: Add support for the partitioned attribute for
+ cookies. (markt)
+ + Add: 66670: Add SSLHostConfig#certificateKeyPasswordFile and
+ SSLHostConfig#certificateKeystorePasswordFile. (michaelo)
+ + Add: When calling
+ SSLHostConfigCertificate.setCertificateKeystore(ks),
+ automatically call setCertificateKeystoreType(ks.getType()).
+ (markt)
+ + Fix: 67628: Clarify how the ciphers attribute of the
+ SSLHostConfig is used. (markt)
+ + Fix: 67666: Ensure TLS connectors using PEM files either
+ work with the TLSCertificateReloadListener or, in the rare case
+ that they do not, log a warning on Connector start. (markt)
+ + Fix: 67675: Support a wider range of KDF and ciphers for PEM
+ files than the combinations supported by the JVM by default.
+ Specifically, support the OpenSSL default of HmacSHA256 and
+ DES-EDE3-CBC. (markt)
+ + Fix: 67927: Reloading TLS configuration can cause the
+ Connector to refuse new connections or the JVM to crash.
+ (markt)
+ + Fix: 67934: If both Tomcat Native 1.2.x and 2.0.x are
+ available, prefer 1.2.x since it supports the APR/Native
+ connector whereas 2.0.x does not. (markt)
+ + Fix: 67938: Correct handling of large TLS client hello
+ messages that were causing the TLS handshake to fail. (markt)
+ + Fix: 68026: Convert selected MessageByte values to String
+ when first accessed to speed up subsequent accesses and reduce
+ garbage collection. (markt)
+ * Jasper
+ + Code: 68119: Refactor the CompositeELResolver to improve
+ performance during type conversion operations. (markt)
+ + Fix: 68068: Performance improvement for EL. Based on a
+ suggestion by John Engebretson. (markt)
+ * Web Applications
+ + Fix: 68035: Additional fix to the Manager application to
+ enable the deployment of a web application located in a Host's
+ appBase where the web application is specified by a bare (no
+ path) WAR or directory name as shown in the documentation.
+ (markt)
+ + Fix: Examples. Improve the error handling so snakes
+ associated with a user that drops from the network are removed
+ from the game. (markt)
+ + Fix: 68035: Correct a regression in the fix for 56248 that
+ prevented deployment via the Manager of a WAR or directory that
+ was already present in the appBase or a context file that was
+ already present in the xmlBase. (markt)
+ * Other
+ + Update: Update Checkstyle to 10.12.7. (markt)
+ + Update: Update SpotBugs to 4.8.3. (markt)
+ + Add: Improvements to French translations. (remm)
+ + Add: Improvements to Japanese translations by tak7iji.
+ (markt)
+ + Update: Update UnboundID to 6.0.11. (markt)
+ + Update: Update Checkstyle to 10.12.5. (markt)
+ + Update: Update SpotBugs to 4.8.2. (markt)
+ + Update: Update Derby to 10.17.1. (markt)
+ + Add: Improvements to French translations. (remm)
+ + Add: Improvements to Japanese translations by tak7iji.
+ (markt)
+ + Add: Improvements to Brazilian Portuguese translations by
+ John William Vicente. (markt)
+ + Add: Improvements to Russian translations by usmazat and
+ remm. (markt)
+ + Add: 67538: Make use of Ant's task to enfore
+ the mininum Java build version. (michaelo)
+ + Update: Update Checkstyle to 10.12.4. (markt)
+ + Update: Update JaCoCo to 0.8.11. (markt)
+ + Update: Update SpotBugs to 4.8.0. (markt)
+ + Update: Update BND to 7.0.0. (markt)
+ + Update: The minimum Java version required to build Tomcat
+ has been raised to Java 17. (markt)
+ + Update: Update the OWB module to Apache OpenWebBeans 4.0.0.
+ (remm)
+
-------------------------------------------------------------------
Wed Jan 17 15:35:51 UTC 2024 - Michele Bussolotto
- change server.xml during %post instead of %posttrans
- add libxslt-tools requirement
--------------------------------------------------------------------
-Wed Jan 17 15:35:40 UTC 2024 - Michele Bussolotto
-
-- Fixed CVEs:
- * CVE-2023-46589: Apache Tomcat: HTTP request smuggling due to
- incorrect headers parsing (bsc#1217649)
-- Added patches:
- * tomcat-10-CVE-2023-46589.patch
-
-------------------------------------------------------------------
Tue Jan 16 09:05:32 UTC 2024 - Michele Bussolotto
diff --git a/tomcat10.spec b/tomcat10.spec
index f041371..40349fc 100644
--- a/tomcat10.spec
+++ b/tomcat10.spec
@@ -29,7 +29,7 @@
%define elspec %{elspec_major}.%{elspec_minor}
%define major_version 10
%define minor_version 1
-%define micro_version 16
+%define micro_version 18
%define java_major 1
%define java_minor 11
%define java_version %{java_major}.%{java_minor}
@@ -71,7 +71,6 @@ Source21: %{app_name}-functions
Source30: %{app_name}-preamble
Source31: %{app_name}-server
Source32: %{app_name}-named.service
-Source33: tomcat-10-CVE-2023-46589.patch
Source100: valve.xslt
Source101: allowLinking.xslt
Source1000: %{app_name}-rpmlintrc
@@ -93,7 +92,7 @@ Patch5: %{app_name}-jdt.patch
Patch6: %{app_name}-secretRequired-default.patch
Patch7: %{app_name}-fix_catalina.patch
Patch8: %{app_name}-logrotate_everything.patch
-Patch9: java11.patch
+Patch9: tomcat-10.0-build-with-java-11.patch
BuildRequires: ant >= 1.10.2
BuildRequires: ant-antlr
BuildRequires: apache-commons-collections