HomeFreeBSD
Diffusion FreeBSD ports repository cbc9cfb51de1

www/tomcat10: Update to 10.0.20
cbc9cfb51de1
Actions

Description

www/tomcat10: Update to 10.0.20

Harden the class loader to provide a mitigation for CVE-2022-22965
a Spring Framework vulnerability: Effectively disable the
WebappClassLoaderBase.getResources() method as it is not used and
if something accidently exposes the class loader this method can be used to gain
access to Tomcat internals.

Changes: https://tomcat.apache.org/tomcat-10.1-doc/changelog.html#Tomcat_10.1.0-M14_(markt)

PR: 262975

Details

Provenance
vvdAuthored on Apr 1 2022, 10:47 AM
Mikael Urankar <mikael@FreeBSD.org>Committed on Apr 1 2022, 10:57 AM
Parents
R11:e9395fe9f8bf: www/tomcat9: Update to 9.0.62
Branches
Unknown
Tags
Unknown

Event Timeline

Mikael Urankar <mikael@FreeBSD.org> committed R11:cbc9cfb51de1: www/tomcat10: Update to 10.0.20 (authored by vvd).Apr 1 2022, 10:57 AM

Changes (2)

PathSize
www/
tomcat10/

R11:cbc9cfb51de1

View Options

www/tomcat10/Makefile

Loading...
View Options

www/tomcat10/distinfo

Loading...