Subject: CVS commit: pkgsrc/www/apache-tomcat7
From: Zafer Aydogan
Date: 2018-07-26 00:03:30
Message id: 20180725220330.6BDA1FBEC@cvs.NetBSD.org
Log Message:
Update to 7.0.90
Changelog:
Tomcat 7.0.90 (violetagg)
Catalina
fix 62498: Correct a regression in the fix for CVE-2017-12617 that caused request failures for some requests when using the VirtualDirContext. (markt)
fix Delete reference to removed class that prevented Tomcat from starting when running under a security manager. (markt)
Tomcat 7.0.89 (violetagg) not released
Catalina
fix JNDI resources that are defined with injection targets but no value are now treated as if the resource is not defined. (markt)
fix Ensure that JNDI names used for <lookup-name> entries in web.xml and for lookup elements of @Resource annotations specify a name with an explicit java: namespace. (markt)
add 51953: Add the RemoteCIDRFilter and RemoteCIDRValve that can be used to allow/deny requests based on IPv4 and/or IPv6 client address where the IP ranges are defined using CIDR notation. Based on a patch by Francis Galiegue. (markt)
fix 62343: Make CORS filter defaults more secure. This is the fix for CVE-2018-8014. (markt)
fix Make all loggers associated with Tomcat provided Filters non-static to ensure that log messages are not lost when a web application is reloaded. (markt)
fix Correct the manifest for the annotations-api.jar. The JAR implements the Common Annotations API 1.1 and the manifest should reflect that. (markt)
fix Switch to non-static loggers where there is a possibility of a logger becoming associated with a web application class loader causing log messages to be lost if the web application is stopped. (markt)
add 62389: Add the IPv6 loopback address to the default internalProxies regular expression. Patch by Craig Andrews. (markt)
fix In the RemoteIpValve and RemoteIpFilter, correctly handle the case when the request passes through one or more trustedProxies but no internalProxies. Based on a patch by zhanhb. (markt)
fix Correct the logic in MBeanFactory.removeConnector() to ensure that the correct Connector is removed when there are multiple Connectors using different addresses but the same port. (markt)
fix Make JAASRealm mis-configuration more obvious by requiring the authenticated Subject to include at least one Principal of a type specified by userClassNames. (markt)
fix 62476: Use GMT timezone for the value of Expires header as required by HTTP specification (RFC 7231, 7234). (kkolinko)
Files: