The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:4106-1 advisory. – Update to Tomcat 9.0.97 * Fixed CVEs: + CVE-2024-52316: If the Jakarta Authentication fails with an exception, set a 500 status (bsc#1233434) * Catalina + Add: Add support for the new Servlet API method HttpServletResponse.sendEarlyHints(). (markt) + Add: 55470: Add debug logging that reports the class path when a ClassNotFoundException occurs in the digester or the web application class loader. Based on a patch by Ralf Hauser. (markt) + Update: 69374: Properly separate between table header and body in DefaultServlet's listing. (michaelo) + Update: 69373: Make DefaultServlet's HTML listing file last modified rendering better (flexible). (michaelo) + Update: Improve HTML output of DefaultServlet. (michaelo) + Code: Refactor RateLimitFilter to use FilterBase as the base class. The primary advantage for doing this is less code to process init-param values. (markt) + Update: 69370: DefaultServlet's HTML listing uses incorrect labels. (michaelo) + Fix: Avoid NPE in CrawlerSessionManagerValve for partially mapped requests. (remm) + Fix: Add missing WebDAV Lock-Token header in the response when locking a folder. (remm) …Read More