This update for tomcat fixes the following issues: Update to Tomcat 9.0.97 Fixed CVEs: CVE-2024-52316: If the Jakarta Authentication fails with an exception, set a 500 status (bsc#1233434) Catalina Add: Add support for the new Servlet API method HttpServletResponse.sendEarlyHints(). (markt) Add: 55470: Add debug logging that reports the class path when a ClassNotFoundException occurs in the digester or the web application class loader. Based on a patch by Ralf Hauser. (markt) Update: 69374: Properly separate between table header and body in DefaultServlet's listing. (michaelo) Update: 69373: Make DefaultServlet's HTML listing file last modified rendering better (flexible). (michaelo) Update: Improve HTML output of DefaultServlet. (michaelo) Code: Refactor RateLimitFilter to use FilterBase as the base class. The primary advantage for doing this is less code to process init-param values. (markt) Update: 69370: DefaultServlet's HTML listing uses incorrect labels. (michaelo) Fix: Avoid NPE in CrawlerSessionManagerValve for partially mapped requests. (remm) Fix: Add missing WebDAV Lock-Token header in the response when locking a folder. (remm) Fix: Invalid WebDAV lock requests should be rejected with 400. (remm) Fix: Fix regression in WebDAV when attempting to unlock a collection. (remm) Fix: Verify that destination is not locked for a WebDAV copy operation. (remm) Fix: Send 415 response to WebDAV MKCOL operations that include a …Read More
