[
https://issues.apache.org/jira/browse/OFBIZ-9813?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dennis Balkir updated OFBIZ-9813:
---------------------------------
Attachment: OFBIZ-9813_tomcat-update.8_5_23.patch
changed the dependencies in the {{build.gradle}} file from 8.5.20 to 8.5.23, made a test and testIntegration and started and tested ofbiz
> Update to Tomcat 8.5.23
> -----------------------
>
> Key: OFBIZ-9813
> URL:
https://issues.apache.org/jira/browse/OFBIZ-9813> Project: OFBiz
> Issue Type: Improvement
> Components: framework
> Affects Versions: Trunk
> Reporter: Michael Brohl
> Assignee: Michael Brohl
> Attachments: OFBIZ-9813_tomcat-update.8_5_23.patch
>
>
> There is a new Tomcat version available which fixes a CVE:
> The Apache Tomcat team announces the immediate availability of Apache
> Tomcat 8.5.23.
> Tomcat 8.x users should normally be using 8.5.x releases in preference
> to 8.0.x releases.
> Apache Tomcat 8 is an open source software implementation of the Java
> Servlet, JavaServer Pages, Java Unified Expression Language, Java
> WebSocket and Java Authentication Service Provider Interface for
> Containers technologies.
> Apache Tomcat 8.5.x is intended to replace 8.0.x and includes new
> features pulled forward from the 9.0.x branch. The notable changes since
> 8.5.20 include:
> - Fix CVE-2017-12617
> - Add ExtractingRoot, a new WebResourceRoot implementation that extracts
> JARs to the work directory for improved performance when deploying
> packed WAR files.
> - Additional capabilities for the CGI Servlet. Based on patches provided
> by jm009.
> - Added support for the OpenSSL SSL_CONF API. To support this the
> minimum required Tomcat Native version is 1.2.14.
> Please refer to the change log for the complete list of changes:
>
http://tomcat.apache.org/tomcat-8.5-doc/changelog.html--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
Locked
