[Bug 262975] www/tomcat{85,9,10,-devel}: Update to 8.5.78, 9.0.62, 10.0.20, 10.1.0-M14
Date: Fri, 01 Apr 2022 10:27:40 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=262975

            Bug ID: 262975
           Summary: www/tomcat{85,9,10,-devel}: Update to 8.5.78, 9.0.62, 10.0.20, 10.1.0-M14
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
               URL: https://tomcat.apache.org
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: Individual Port(s)
          Assignee: ports-bugs@FreeBSD.org
          Reporter: vvd@unislabs.com
 Attachment #232859 maintainer-approval+
             Flags:
             Flags: merge-quarterly?

Created attachment 232859
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=232859&action=edit
update to 8.5.78

For all versions:
Harden the class loader to provide a mitigation for CVE-2022-22965, a Spring Framework vulnerability: Effectively disable the WebappClassLoaderBase.getResources() method as it is not used and if something accidentally exposes the class loader this method can be used to gain access to Tomcat internals.

Tested on 12.3-p4 amd64: make check-plist/install/run.

https://tomcat.apache.org/tomcat-8.5-doc/changelog.html#Tomcat_8.5.78_(markt)

--
You are receiving this mail because:
You are the assignee for the bug.