Date: Fri, 01 Apr 2022 10:27:40 +0000
From: bugzilla-noreply@freebsd.org
To: ports-bugs@FreeBSD.org
Subject: [Bug 262975] www/tomcat{85,9,10,-devel}: Update to 8.5.78, 9.0.62, 10.0.20, 10.1.0-M14
Message-ID: <bug-262975-7788@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=262975

Bug ID: 262975
Summary: www/tomcat{85,9,10,-devel}: Update to 8.5.78, 9.0.62, 10.0.20, 10.1.0-M14
Product: Ports & Packages
Version: Latest
Hardware: Any
URL: https://tomcat.apache.org
OS: Any
Status: New
Severity: Affects Many People
Priority: ---
Component: Individual Port(s)
Assignee: ports-bugs@FreeBSD.org
Reporter: vvd@unislabs.com
Attachment #232859 Flags: maintainer-approval+
Flags: merge-quarterly?

Created attachment 232859
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=232859&action=edit
update to 8.5.78

For all versions:
Harden the class loader to provide a mitigation for CVE-2022-22965, a Spring Framework vulnerability:
Effectively disable the WebappClassLoaderBase.getResources() method as it is not used and if something accidentally exposes the class loader this method can be used to gain access to Tomcat internals.

Tested on 12.3-p4 amd64: make check-plist/install/run.

https://tomcat.apache.org/tomcat-8.5-doc/changelog.html#Tomcat_8.5.78_(markt)

-- 
You are receiving this mail because:
You are the assignee for the bug.