tomcat-jsp-2.3-api-9.0.87-2.el9 RPM for noarch

From CentOS Stream 9 AppStream for x86_64

Apache Tomcat JSP API Implementation Classes.

Provides

• tomcat-jsp-2.3-api
• jsp
• mvn(org.apache.tomcat:tomcat-jsp-api)
• mvn(org.apache.tomcat:tomcat-jsp-api:pom:)
• mvn(org.eclipse.jetty.orbit:javax.servlet.jsp)
• mvn(org.eclipse.jetty.orbit:javax.servlet.jsp:pom:)

Requires

• /bin/sh
• /bin/sh
• javapackages-filesystem
• mvn(org.apache.tomcat:tomcat-el-api) = 9.0.87
• mvn(org.apache.tomcat:tomcat-servlet-api) = 9.0.87
• rpmlib(CompressedFileNames) <= 3.0.4-1
• rpmlib(FileDigests) <= 4.6.0-1
• rpmlib(PayloadFilesHavePrefix) <= 4.0-1
• rpmlib(PayloadIsZstd) <= 5.4.18-1
• rpmlib(RichDependencies) <= 4.12.0-1
• tomcat-el-3.0-api = 1:9.0.87-2.el9
• tomcat-servlet-4.0-api = 1:9.0.87-2.el9

License

ASL 2.0

Changelog

* Thu Aug 08 2024 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-2
  - Resolves: RHEL-46163
    tomcat: Improper Handling of Exceptional Conditions (CVE-2024-34750)
  - Resolves: RHEL-18245 - OpenJDK 21 support for RHEL Tomcat
* Fri May 03 2024 Sokratis Zappis <szappis@redhat.com> - 1:9.0.87-1
  - Resolves: RHEL-35812 - Rebase tomcat to version 9.0.87
  - Resolves: RHEL-29257
    tomcat: Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672)
  - Resolves: RHEL-29252
    tomcat: : Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549)
  - Resolves: RHEL-53001 - Amend tomcat's changelog
    (CVE-2023-46589, CVE-2023-45648, CVE-2023-42795, CVE-2023-42794, CVE-2023-44487, CVE-2023-41080)
* Thu Jan 18 2024 Hui Wang <huwang@redhat.com> - 1:9.0.62-39
  - Resolves: RHEL-17605
    tomcat: HTTP request smuggling via malformed trailer headers (CVE-2023-46589)
* Thu Nov 23 2023 Hui Wang <huwang@redhat.com> - 1:9.0.62-38
  - Resolves: RHEL-13908
    tomcat: incorrectly parsed http trailer headers can cause request smuggling (CVE-2023-45648)
  - Resolves: RHEL-13905
    tomcat: improper cleaning of recycled objects could lead to information leak (CVE-2023-42795)
  - Resolves: RHEL-12952
    tomcat: FileUpload: DoS due to accumulation of temporary files on Windows (CVE-2023-42794)
  - Resolves: RHEL-12552
    tomcat: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
  - Resolves: RHEL-2388
    tomcat: Open Redirect vulnerability in FORM authentication (CVE-2023-41080)
* Fri Oct 13 2023 Hui Wang <huwang@redhat.com> - 1:9.0.62-37
  - Resolves: RHEL-12551
    tomcat: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
  - Remove JDK subpackges which are unused
* Fri Aug 25 2023 Coty Sutherland <csutherl@redhat.com> - 1:9.0.62-16
  - Related: #2184133 Declare file conflicts
* Fri Aug 25 2023 Coty Sutherland <csutherl@redhat.com> - 1:9.0.62-15
  - Resolves: #2184133 Fix bug in Obsoletes
* Tue Aug 01 2023 Hui Wang <huwang@redhat.com> - 1:9.0.62-14
  - Resolves: #2210632 CVE-2023-28709 tomcat
* Wed Jul 26 2023 Hui Wang <huwang@redhat.com> - 1:9.0.62-13
  - Resolves: #2189675 Missing Tomcat POM files in RHEL 9.3
* Wed Jun 21 2023 Hui Wang <huwang@redhat.com> - 1:9.0.62-12
  - Resolves: #2189675 Missing Tomcat POM files in RHEL 9.3
  - Resolves: #2173872 Remove java-11-openjdk-headles as a tomcat dependency
  - Resolves: #2181461 CVE-2023-28708 tomcat: not including the secure attribute causes information
  - Resolves: #2210632 CVE-2023-28709
  - Resolves: #2184133 Add Obsoletes to tomcat package
  - Update patch command
  - Update source to include the CVE fixes
* Thu Feb 23 2023 Hui Wang <huwang@redhat.com> - 1:9.0.62-11
  - Bump release so that the NVR on RHEL-9 is higher than RHEL-8
* Wed Feb 15 2023 Hui Wang <huwang@redhat.com> - 1:9.0.62-4
  - Bump release to run the tier1 test
* Tue Feb 07 2023 Coty Sutherland <csutherl@redhat.com> - 1:9.0.62-3
  - Add conflicts declaration to the appropriate subpackages
  - Fix malformed DTD file that caused problems with rpminspect
* Fri Feb 03 2023 Hui Wang <huwang@redhat.com> - 1:9.0.62-2
  - Add conflicts with the pki-servlet-engine package
* Mon Jan 16 2023 Hui Wang <huwang@redhat.com> - 1:9.0.62-1
  - Update to 9.0.62. Related: rhbz#2160511
  - Remove examples webapps from subpackage
  - Remove maven artifacts from build as they aren't very useful
  - Drop JSVC support as it's not very useful these days
  - Drop geronimo-saaj as it's no longer required
  - Drop geronimo-jaxrpc, which provided the webservices naming factory resources that are generally unused
  - Cleaning up some unused deps and system properties
  - Add Java 9 start-up parameters to allow reflection
  - Add bnd-annotation which is in bndlib
  - Add fixes for memory leak which have been fixed in 9.0.64

Files

/usr/share/java/tomcat
/usr/share/java/tomcat-jsp-2.3-api.jar
/usr/share/java/tomcat-jsp-api.jar
/usr/share/java/tomcat/tomcat-jsp-2.3-api.jar
/usr/share/java/tomcat/tomcat-jsp-api.jar
/usr/share/maven-metadata/tomcat-tomcat-jsp-api.xml
/usr/share/maven-poms/tomcat
/usr/share/maven-poms/tomcat/tomcat-jsp-api.pom

Generated by rpm2html 1.8.1

Fabrice Bellet, Thu Oct 30 06:13:11 2025