You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by ma...@apache.org on 2020/01/06 11:17:12 UTC

[tomcat] branch 8.5.x updated: Add CVE info

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
     new abb7d43  Add CVE info
abb7d43 is described below

commit abb7d439a3b6ff166851e53a09931af589161465
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Mon Jan 6 11:16:38 2020 +0000

    Add CVE info
---
 webapps/docs/changelog.xml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index d6d1cc2..47d4896 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -193,7 +193,7 @@
       <fix>
         Refactor FORM authentication to reduce duplicate code and to ensure that
         the authenticated Principal is not cached in the session when caching is
-        disabled. (markt)
+        disabled. This is the fix for CVE-2019-17563. (markt/kkolinko)
       </fix>
     </changelog>
   </subsection>
@@ -375,7 +375,8 @@
         year and may be removed as soon as the next 8.5.x release. (markt)
       </fix>
       <fix>
-       Refactor JMX remote RMI registry creation. (remm)
+       Refactor JMX remote RMI registry creation. This is the fix for
+       CVE-2019-12418. (remm)
       </fix>
     </changelog>
   </subsection>


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org