import OL tomcat-9.0.87-1.el8_10.7

2025-12-11 08:42:12 +00:00 · 2025-12-11 08:42:12 +00:00 · 04895e9d5d
commit 04895e9d5d
parent 97023bbbff
3 changed files with 10 additions and 4 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/tomcat-9.0.87.redhat-00012-src.zip
+SOURCES/tomcat-9.0.87.redhat-00013-src.zip
--- a/.tomcat.metadata
+++ b/.tomcat.metadata
@ -1 +1 @@
-8b767b774d19e223f1fa9f4bb07e0db94234978a SOURCES/tomcat-9.0.87.redhat-00012-src.zip
+15a5e583a5ce045a1d47e660ca391964cd52a51a SOURCES/tomcat-9.0.87.redhat-00013-src.zip
--- a/SPECS/tomcat.spec
+++ b/SPECS/tomcat.spec
@ -32,7 +32,7 @@
 %global major_version 9
 %global minor_version 0
 %global micro_version 87
-%global packdname %{name}-%{major_version}.%{minor_version}.%{micro_version}.redhat-00012-src
+%global packdname %{name}-%{major_version}.%{minor_version}.%{micro_version}.redhat-00013-src
 %global servletspec 4.0
 %global elspec 3.0
 %global tcuid 53
@ -56,7 +56,7 @@
 Name:          tomcat
 Epoch:         1
 Version:       %{major_version}.%{minor_version}.%{micro_version}
-Release:       1%{?dist}.6
+Release:       1%{?dist}.7
 Summary:       Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{jspspec} API

 License:       ASL 2.0
@ -556,6 +556,12 @@ fi


 %changelog
+* Thu Nov 27 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-1.el8_10.7
+- Resolves: RHEL-124507
+  tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)
+- Resolves: RHEL-91743
+  tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)
+
 * Thu Aug 14 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-1.el8_10.6
 - Resolves: RHEL-102193
  tomcat: http/2 "MadeYouReset" DoS attack through HTTP/2 control frames (CVE-2025-48989)