Linux repositories inspector

libtomcat8-java - Apache Tomcat 8 - Servlet and JSP engine -- core libraries

Apache Tomcat implements the Java Servlet and the JavaServer Pages (JSP) specifications from Oracle, and provides a "pure Java" HTTP web server environment for Java code to run.
This package contains the Tomcat core classes which can be used by other Java applications to embed Tomcat.
8.5.50
Debian iconDebian 9.0
8.5.39
Debian iconDebian experimental
Ubuntu iconUbuntu 18.04 LTS
Ubuntu iconUbuntu 18.10
8.5.38
Debian iconDebian 9.0
8.5.34
Ubuntu iconUbuntu 18.10
8.5.30
Ubuntu iconUbuntu 18.04 LTS
8.5.21
Ubuntu iconUbuntu 17.10
8.0.32
Ubuntu iconUbuntu 16.04 LTS
DistributionVersionSincePackageInstalledPackager
Debian iconDebian experimental experimental/maindeb8.5.39-12019-03-254.76 MiB5.61 MiB
Debian iconDebian 9.0 stretch/maindeb8.5.50-0+deb9u1Feb 085.09 MiB5.98 MiB
Debian iconDebian 9.0 stretch-backports/maindeb8.5.38-2~bpo9+12019-03-154.79 MiB5.64 MiB
Ubuntu iconUbuntu 17.10 artful/maindeb8.5.21-1ubuntu12017-11-104.64 MiB5.48 MiB
Ubuntu iconUbuntu 17.10 artful-security/maindeb8.5.21-1ubuntu1.12018-06-124.64 MiB5.49 MiB
Ubuntu iconUbuntu 17.10 artful-updates/maindeb8.5.21-1ubuntu1.12018-06-124.64 MiB5.49 MiB
Ubuntu iconUbuntu 18.04 LTS bionic/universedeb8.5.30-1ubuntu12018-06-194.68 MiB5.53 MiB
Ubuntu iconUbuntu 18.04 LTS bionic-security/universedeb8.5.39-1ubuntu1~18.04.3Sep 104.76 MiB5.61 MiB
Ubuntu iconUbuntu 18.04 LTS bionic-updates/universedeb8.5.39-1ubuntu1~18.04.3Sep 104.76 MiB5.61 MiB
Ubuntu iconUbuntu 18.10 cosmic/universedeb8.5.34-1ubuntu12019-01-144.73 MiB5.58 MiB
Ubuntu iconUbuntu 18.10 cosmic-security/universedeb8.5.39-1ubuntu1~18.10Jun 174.76 MiB5.61 MiB
Ubuntu iconUbuntu 18.10 cosmic-updates/universedeb8.5.39-1ubuntu1~18.10Jun 174.76 MiB5.61 MiB
Ubuntu iconUbuntu 16.04 LTS xenial/maindeb8.0.32-1ubuntu12017-11-104.43 MiB5.23 MiB
Ubuntu iconUbuntu 16.04 LTS xenial-security/maindeb8.0.32-1ubuntu1.11Jan 274.44 MiB5.24 MiB
Ubuntu iconUbuntu 16.04 LTS xenial-updates/maindeb8.0.32-1ubuntu1.11Jan 274.44 MiB5.24 MiB

Latest updates

Debian icon

Debian 9.0 stretch-proposed-updates/main: Version 8.5.50-0+deb9u1 removed

Feb 08
Debian icon

Debian 9.0 stretch/main: Updated from 8.5.14-1+deb9u3 to 8.5.50-0+deb9u1

Feb 08
  • Team upload.
  • Fix CVE-2018-11784, CVE-2018-8014, CVE-2019-0199, CVE-2019-0221, CVE-2019-12418, CVE-2019-17563.
    Several security vulnerabilities were found in Tomcat 8 that may lead to denial-of-service or local privilege escalation.
Ubuntu icon

Ubuntu 16.04 LTS xenial-updates/main: Updated from 8.0.32-1ubuntu1.10 to 8.0.32-1ubuntu1.11

Jan 27
  • SECURITY UPDATE: JMX interface authentication bypass
    • debian/patches/CVE-2019-12418.patch: refactor JMX remote RMI registry creation in JmxRemoteLifecycleListener.java.
    • CVE-2019-12418
  • SECURITY UPDATE: session fixation attack in FORM authentication
    • debian/patches/CVE-2019-17563.patch: refactor so Principal is never cached in session with cache==false in
      java/org/apache/catalina/authenticator/AuthenticatorBase.java, java/org/apache/catalina/authenticator/Constants.java, java/org/apache/catalina/authenticator/FormAuthenticator.java.
    • CVE-2019-17563
Ubuntu icon

Ubuntu 16.04 LTS xenial-security/main: Updated from 8.0.32-1ubuntu1.10 to 8.0.32-1ubuntu1.11

Jan 27
  • SECURITY UPDATE: JMX interface authentication bypass
    • debian/patches/CVE-2019-12418.patch: refactor JMX remote RMI registry creation in JmxRemoteLifecycleListener.java.
    • CVE-2019-12418
  • SECURITY UPDATE: session fixation attack in FORM authentication
    • debian/patches/CVE-2019-17563.patch: refactor so Principal is never cached in session with cache==false in
      java/org/apache/catalina/authenticator/AuthenticatorBase.java, java/org/apache/catalina/authenticator/Constants.java, java/org/apache/catalina/authenticator/FormAuthenticator.java.
    • CVE-2019-17563
Debian icon

Debian 9.0 stretch-proposed-updates/main: Version 8.5.50-0+deb9u1 introduced

Dec 29
  • Team upload.
  • Fix CVE-2018-11784, CVE-2018-8014, CVE-2019-0199, CVE-2019-0221, CVE-2019-12418, CVE-2019-17563.
    Several security vulnerabilities were found in Tomcat 8 that may lead to denial-of-service or local privilege escalation.
Ubuntu icon

Ubuntu 16.04 LTS xenial-updates/main: Version 8.0.32-1ubuntu1.10 reintroduced

Oct 02
Ubuntu icon

Ubuntu 16.04 LTS xenial-updates/main: Version 8.0.32-1ubuntu1.10 removed

Oct 02
Ubuntu icon

Ubuntu 16.04 LTS xenial-security/main: Updated from 8.0.32-1ubuntu1.8 to 8.0.32-1ubuntu1.10

Sep 10
Ubuntu icon

Ubuntu 16.04 LTS xenial-updates/main: Updated from 8.0.32-1ubuntu1.9 to 8.0.32-1ubuntu1.10

Sep 10
Ubuntu icon

Ubuntu 18.04 LTS bionic-security/universe: Updated from 8.5.39-1ubuntu1~18.04.1 to 8.5.39-1ubuntu1~18.04.3

Sep 10
  • SECURITY UPDATE: XSS attack on SSI printenv command
    • debian/patches/CVE-2019-0221.patch: escape debug output to aid readability
    • CVE-2019-0221
  • SECURITY UPDATE: DoS via thread exhaustion
    • debian/patches/CVE-2019-10072-1.patch: expand HTTP/2 timeout handling to connection window exhaustion on write.
    • debian/patches/CVE-2019-10072-2.patch: Fix test failures. Handle full allocation case.
    • CVE-2019-10072
Ubuntu icon

Ubuntu 18.04 LTS bionic-updates/universe: Updated from 8.5.39-1ubuntu1~18.04.2 to 8.5.39-1ubuntu1~18.04.3

Sep 10
  • SECURITY UPDATE: XSS attack on SSI printenv command
    • debian/patches/CVE-2019-0221.patch: escape debug output to aid readability
    • CVE-2019-0221
  • SECURITY UPDATE: DoS via thread exhaustion
    • debian/patches/CVE-2019-10072-1.patch: expand HTTP/2 timeout handling to connection window exhaustion on write.
    • debian/patches/CVE-2019-10072-2.patch: Fix test failures. Handle full allocation case.
    • CVE-2019-10072
Ubuntu icon

Ubuntu 18.04 LTS bionic-updates/universe: Version 8.5.39-1ubuntu1~18.04.2 reintroduced

Sep 05
Ubuntu icon

Ubuntu 18.04 LTS bionic-updates/universe: Version 8.5.39-1ubuntu1~18.04.2 removed

Sep 05
Debian icon

Debian 9.0 stretch-backports/main: Version 8.5.38-2~bpo9+1 reintroduced

Aug 16
  • Rebuild for stretch-backports.
  • Team upload.
Ubuntu icon

Ubuntu 16.04 LTS xenial-updates/main: Version 8.0.32-1ubuntu1.9 reintroduced

Aug 15
  • d/p/fix-class-resource-name-filtering.patch: Fix class and resource name filtering in WebappClassLoader (LP: #1606331).
Debian icon

Debian 9.0 stretch-backports/main: Version 8.5.38-2~bpo9+1 removed

Aug 15
Ubuntu icon

Ubuntu 16.04 LTS xenial-updates/main: Version 8.0.32-1ubuntu1.9 removed

Aug 15
Ubuntu icon

Ubuntu 16.04 LTS xenial-security/main: Version 8.0.32-1ubuntu1.8 reintroduced

Aug 02
  • SECURITY UPDATE: arbitrary redirect issue
    • debian/patches/CVE-2018-11784.patch: avoid protocol relative redirects in java/org/apache/catalina/servlets/DefaultServlet.java.
    • CVE-2018-11784
Ubuntu icon

Ubuntu 18.04 LTS bionic-updates/universe: Version 8.5.39-1ubuntu1~18.04.2 reintroduced

Aug 02
Ubuntu icon

Ubuntu 18.04 LTS bionic-security/universe: Version 8.5.39-1ubuntu1~18.04.1 reintroduced

Aug 02
Matthias Klose
  • Backport for OpenJDK 11. LP: #1817567.
    /usr/share/doc/tomcat8/NEWS.gz. LP: #1819721.
Tiago Stürmer Daitx
  • debian/tomcat8.service: removed, use the init.d script instead. LP: #1819721.
  • debian/tomcat8.init, debian/logging.properties: revert back to the conffiles from the previous version; this allows unattended-upgrades to update tomcat8 even when local changes are present.
  • debian/series: no longer apply 0023-disable-shutdown-by-socket.patch so server.xml conffile is unmodified from previous version.
⇧ Top