Overview

File _patchinfo of Package patchinfo.23111

<patchinfo incident="23111">
  <issue tracker="bnc" id="1196137">tomcat depencency on log4j 1.x</issue>
  <issue tracker="bnc" id="1198136">VUL-0: tomcat: Harden class loader to provide mitigation for Spring Framework vulnerabilities</issue>
  <packager>mbussolotto</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for tomcat</summary>
  <description>This update for tomcat fixes the following issues:

- Remove the log4j dependency as it is not used by the tomcat package (bsc#1196137)
    
Security hardening, related to Spring Framework vulnerabilities:    
- Deprecate getResources() and always return null (bsc#1198136).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places