[
https://issues.apache.org/jira/browse/OFBIZ-11407?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jacques Le Roux updated OFBIZ-11407:
------------------------------------
Summary: Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938) (was: Upgrade Tomcat from 9.0.29 to 9.0.31)
> Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938)
> ----------------------------------------------------
>
> Key: OFBIZ-11407
> URL:
https://issues.apache.org/jira/browse/OFBIZ-11407> Project: OFBiz
> Issue Type: Improvement
> Components: framework
> Affects Versions: Trunk
> Reporter: Michael Brohl
> Assignee: Michael Brohl
> Priority: Minor
> Fix For: Upcoming Branch
>
>
> The Apache Tomcat team announces the immediate availability of Apache
> Tomcat 9.0.30.
> Apache Tomcat 9 is an open source software implementation of the Java
> Servlet, JavaServer Pages, Java Unified Expression Language, Java
> WebSocket and JASPIC technologies.
> Apache Tomcat 9.0.31 is a bugfix and feature release. The notable
> changes compared to 9.0.30 include:
> - AJP defaults changed to listen the loopback address, require a secret
> and to be disabled in the sample server.xml
> - The JmxRemoteLifecycleListener is now deprecated
> - The HTTP Connector attribute rejectIllegalHeaderName is renamed to
> rejectIllegalHeader and expanded to include header values as well as
> names
> Please refer to the change log for the complete list of changes:
> [
http://tomcat.apache.org/tomcat-9.0-doc/changelog.html]
>
> EDIT: see security fixes at [
http://tomcat.apache.org/security-9.html]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
Locked
