Apache Tomcat JSP API implementation classes.
Homepage | http://tomcat.apache.org/ |
---|
7.0.76

Distribution | Version | Since | Package | Installed | Packager | |
---|---|---|---|---|---|---|
![]() | rpm | 7.0.76-9.el7_6 | 2020-01-07 | 94.2 kiB | 89.8 kiB | CentOS BuildSystem |
![]() | rpm | 7.0.76-11.el7_7 | 2020-03-18 | 95.2 kiB | 89.8 kiB | CentOS BuildSystem |
Latest updates

CentOS 7.7.1908 updates: Version 7.0.76-11.el7_7 introduced
2020-03-18
- Resolves: rhbz#1806801 CVE-2020-1938 tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability

CentOS 7.7.1908 os: Version 7.0.76-9.el7_6 introduced
2020-01-07
- Resolves: rhbz#1641873 CVE-2018-11784 tomcat: Open redirect in default servlet

CentOS 7.6.1810 cr: Version 7.0.76-9.el7 introduced
2019-08-30
- Resolves: rhbz#1641873 CVE-2018-11784 tomcat: Open redirect in default servlet
- Resolves: rhbz#1552375 CVE-2018-1304 tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources
- Resolves: rhbz#1552374 CVE-2018-1305 tomcat: Late application of security constraints can lead to resource exposure for unauthorised users
- Resolves: rhbz#1590182 CVE-2018-8014 tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins
- Resolves: rhbz#1608609 CVE-2018-8034 tomcat: host name verification missing in WebSocket client
- Resolves: rhbz#1588703 Backport of Negative maxCookieCount value causes exception for Tomcat
- Resolves: rhbz#1472950 shutdown_wait option is not working for Tomcat
- Resolves: rhbz#1455483 Add support for characters "<" and ">" to the possible whitelist values

CentOS 7.6.1810 updates: Updated from 7.0.76-8.el7_5 to 7.0.76-9.el7_6
2019-03-18
- Resolves: rhbz#1641873 CVE-2018-11784 tomcat: Open redirect in default servlet

CentOS 7.6.1810 updates: Version 7.0.76-8.el7_5 introduced
2019-01-14
- Resolves: rhbz#1608608 CVE-2018-1336 tomcat: A bug in the UTF 8 decoder can lead to DoS

CentOS 7.6.1810 os: Version 7.0.76-7.el7_5 introduced
2019-01-14
- Resolves: rhbz#1607893 Deadlock occurs while sending to a closing session.

CentOS 7.4.1708 updates: Version 7.0.76-3.el7_4 introduced
2017-11-10
- Resolves: rhbz#1498343 CVE-2017-12615 CVE-2017-12617 tomcat: various flaws
- Resolves: rhbz#1495655 CVE-2017-7674 tomcat: Vary header not added by CORS filter leading to cache poisoning
- Resolves: rhbz#1470597 CVE-2017-5647 Add follow up revision

CentOS 7.4.1708 os: Version 7.0.76-2.el7 introduced
2017-11-10
- Resolves: rhbz#1459747 CVE-2017-5664 tomcat: Security constrained bypass in error page mechanism
- Resolves: rhbz#1441481 CVE-2017-5647 tomcat: Incorrect handling of pipelined requests when send file was used
Related packages
tomcat - Apache Servlet/JSP/EL Engine, RI for Servlet 4.0/JSP 2.3/EL 3.0 API