| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| 01-j2ee-dependencies.patch | Depend on the individual JEE spec jars instead of the big all in one artifact. | Emmanuel Bourg <ebourg@apache.org> | not-needed | |||
| 02-java10-compatibility.patch | Fixes the compatibility with Java 10 | Emmanuel Bourg <ebourg@apache.org> | yes | upstream | ||
| 03-CVE-2019-13990.patch | patch for CVE-2019-13990: XXE in initDocumentParser provide XML parser with a strong configuration to prevent XXE attacks | Jonathan Gallimore <jon@jrg.me.uk> | not-needed | debian upstream |