Posted to dev@tomcat.apache.org by ma...@apache.org on 2020/01/06 11:17:30 UTC

[tomcat] branch 7.0.x updated: Add CVE info

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/7.0.x by this push:
     new 7aaaf4b  Add CVE info
7aaaf4b is described below

commit 7aaaf4b54eb72d506ef73e7dbb0cf27c4632a47b
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Mon Jan 6 11:17:10 2020 +0000

    Add CVE info
---
 webapps/docs/changelog.xml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index db2a11d..6c2e7b3 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -132,7 +132,7 @@
       <fix>
         Refactor FORM authentication to reduce duplicate code and to ensure that
         the authenticated Principal is not cached in the session when caching is
-        disabled. (markt)
+        disabled. This is the fix for CVE-2019-17563. (markt/kkolinko)
       </fix>
       <update>
         Do not store username and password as session notes during
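Review bot: The `+` line in the FORM authentication `<fix>` entry changes the credit from `(markt)` to `(markt/kkolinko)` in addition to adding the CVE-2019-17563 reference, but the commit message says only "Add CVE info". Suggest noting the attribution change in the commit message, or making it in its own commit, so the history explains why the credit on this entry changed.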
@@ -231,7 +231,8 @@
         <bug>63905</bug> Clean up Tomcat CSS. (michaelo)
       </update>
       <fix>
-       Refactor JMX remote RMI registry creation. (remm)
+       Refactor JMX remote RMI registry creation. This is the fix for
+       CVE-2019-12418. (remm)
       </fix>
     </changelog>
   </subsection>
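Review bot: The two `+` lines in the JMX remote RMI registry `<fix>` entry keep the 7-space indent of the line they replace, while the `<bug>63905</bug>` entry just above in the same hunk indents its text one space further. Since this entry is being rewritten anyway, consider aligning its text with the neighbouring entries so the changelog stays consistently formatted.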

