[jira] [Updated] (OFBIZ-12165) Upgrade Tomcat from 9.0.41 to 9.0.43
Locked
[jira] [Updated] (OFBIZ-12165) Upgrade Tomcat from 9.0.41 to 9.0.43
 
|
[ https://issues.apache.org/jira/browse/OFBIZ-12165?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Michael Brohl updated OFBIZ-12165: ---------------------------------- Description: Needs backport because of the CVE reports: https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.43 The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.43. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.43 is a bugfix and feature release. The notable changes compared to 9.0.41 include: - Add support for using Unix domain sockets for NIO when running on Java 16 or later. - Add a new StringInterpreter interface that allows applications to provide customised string attribute value to type conversion within JSPs. This allows applications to provide a conversion implementation that is optimised for the application. - Add peerAddress to coyote request, which contains the IP address of the direct connection peer. If a reverse proxy sits in front of Tomcat and the RemoteIp(Valve|Filter) is used, the peerAddress is likely to differ from the remoteAddress. The remoteAddress is likely to contain the address of the client in front of the reverse proxy, not the address of the proxy itself. Please refer to the change log for the complete list of changes: [http://tomcat.apache.org/tomcat-9.0-doc/changelog.html] was: The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.43. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.43 is a bugfix and feature release. The notable changes compared to 9.0.41 include: - Add support for using Unix domain sockets for NIO when running on Java 16 or later. - Add a new StringInterpreter interface that allows applications to provide customised string attribute value to type conversion within JSPs. This allows applications to provide a conversion implementation that is optimised for the application. - Add peerAddress to coyote request, which contains the IP address of the direct connection peer. If a reverse proxy sits in front of Tomcat and the RemoteIp(Valve|Filter) is used, the peerAddress is likely to differ from the remoteAddress. The remoteAddress is likely to contain the address of the client in front of the reverse proxy, not the address of the proxy itself. Please refer to the change log for the complete list of changes: [http://tomcat.apache.org/tomcat-9.0-doc/changelog.html] > Upgrade Tomcat from 9.0.41 to 9.0.43 > ------------------------------------ > > Key: OFBIZ-12165 > URL: https://issues.apache.org/jira/browse/OFBIZ-12165 > Project: OFBiz > Issue Type: Sub-task > Components: framework > Affects Versions: Release Branch 18.12, Trunk > Reporter: Michael Brohl > Assignee: Michael Brohl > Priority: Minor > Labels: backport-needed > Fix For: Upcoming Branch > > > Needs backport because of the CVE reports: https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.43 > > The Apache Tomcat team announces the immediate availability of Apache > Tomcat 9.0.43. > Apache Tomcat 9 is an open source software implementation of the Java > Servlet, JavaServer Pages, Java Unified Expression Language, Java > WebSocket and JASPIC technologies. > Apache Tomcat 9.0.43 is a bugfix and feature release. The notable > changes compared to 9.0.41 include: > - Add support for using Unix domain sockets for NIO when running on Java > 16 or later. > - Add a new StringInterpreter interface that allows applications to > provide customised string attribute value to type conversion within > JSPs. This allows applications to provide a conversion implementation > that is optimised for the application. > - Add peerAddress to coyote request, which contains the IP address of > the direct connection peer. If a reverse proxy sits in front of Tomcat > and the RemoteIp(Valve|Filter) is used, the peerAddress is likely to > differ from the remoteAddress. The remoteAddress is likely to contain > the address of the client in front of the reverse proxy, not the > address of the proxy itself. > Please refer to the change log for the complete list of changes: > [http://tomcat.apache.org/tomcat-9.0-doc/changelog.html] > -- This message was sent by Atlassian Jira (v8.3.4#803005) |
«
Return to OFBiz - Notifications
|
1 view|%1 views
| Free forum by Nabble | Edit this page |