[jira] [Updated] (OFBIZ-12165) Upgrade Tomcat from 9.0.41 to 9.0.43

Previous Topic Next Topic
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

[jira] [Updated] (OFBIZ-12165) Upgrade Tomcat from 9.0.41 to 9.0.43

ASF subversion and git services (Jira)

     [ https://issues.apache.org/jira/browse/OFBIZ-12165?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jacques Le Roux updated OFBIZ-12165:
    Fix Version/s:     (was: Upcoming Branch)

> Upgrade Tomcat from 9.0.41 to 9.0.43
> ------------------------------------
>                 Key: OFBIZ-12165
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-12165
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: framework
>    Affects Versions: Release Branch 18.12, Trunk, 17.12.05
>            Reporter: Michael Brohl
>            Assignee: Michael Brohl
>            Priority: Minor
>              Labels: backport-needed
>             Fix For: 18.12.01, 17.12.06
> Needs backport because of the CVE reports: https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.43
> The Apache Tomcat team announces the immediate availability of Apache
>  Tomcat 9.0.43.
> Apache Tomcat 9 is an open source software implementation of the Java
>  Servlet, JavaServer Pages, Java Unified Expression Language, Java
>  WebSocket and JASPIC technologies.
> Apache Tomcat 9.0.43 is a bugfix and feature release. The notable
>  changes compared to 9.0.41 include:
>  - Add support for using Unix domain sockets for NIO when running on Java
>  16 or later.
>  - Add a new StringInterpreter interface that allows applications to
>  provide customised string attribute value to type conversion within
>  JSPs. This allows applications to provide a conversion implementation
>  that is optimised for the application.
>  - Add peerAddress to coyote request, which contains the IP address of
>  the direct connection peer. If a reverse proxy sits in front of Tomcat
>  and the RemoteIp(Valve|Filter) is used, the peerAddress is likely to
>  differ from the remoteAddress. The remoteAddress is likely to contain
>  the address of the client in front of the reverse proxy, not the
>  address of the proxy itself.
> Please refer to the change log for the complete list of changes:
>  [http://tomcat.apache.org/tomcat-9.0-doc/changelog.html]

This message was sent by Atlassian Jira