| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| 0004-split-deploy-webapps-target-from-deploy-target.patch | [PATCH] split deploy-webapps target from deploy target | Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> | no | 2010-06-28 | ||
| 0005-skip-test-failures.patch | Ignore the failing tests | Emmanuel Bourg <ebourg@apache.org> | not-needed | |||
| 0009-Use-java.security.policy-file-in-catalina.sh.patch | [PATCH] Use java.security.policy file in catalina.sh Make sure catalina.sh uses the Debian/Ubuntu java.security.policy file location when Tomcat is started with a security manager. |
Adam Guthrie <asguthrie@gmail.com> | not-needed | debian | 2010-06-28 | |
| 0010-debianize-build-xml.patch | Disable usage of embedded library copies | James Pages <james.page@canonical.com> | no | 2011-05-16 | ||
| 0013-dont-look-for-build-properties-in-user-home.patch | Don't look for build.properties in the user home directory. This directory doesn't exist on the builders and the attempt to load a property file there causes a build failure. |
Jakub Adam <jakub.adam@ktknet.cz> | not-needed | |||
| 0018-fix-manager-webapp.patch | This patch changes the manager path from webapps/manager to ../tomcat9-admin/manager | TJ <ubuntu@iam.tj>, Gianfranco Costamagna <costamagnagianfranco@yahoo.it> | no | 2013-08-01 | ||
| 0019-add-distribution-to-error-page.patch | Adds the name of the distribution to the version of Tomcat reported on the error pages (i.e. 'Apache Tomcat/8.0.x (Debian)') | Yolanda Robla <yolanda.robla@canonical.com> | not-needed | debian | ||
| 0021-dont-test-unsupported-ciphers.patch | Don't check the IDEA cipher during the tests since it is disabled in Debian (see #327739) Also ignore ARIA which is disabled by default in OpenSSL. | Emmanuel Bourg <ebourg@apache.org> | not-needed | |||
| 0023-disable-shutdown-by-socket.patch | Disables the shutdown port (8005) by default | Emmanuel Bourg <ebourg@apache.org> | no | |||
| 0024-systemd-log-formatter.patch | Adds a log formatter suitable for systemd | Emmanuel Bourg <ebourg@apache.org> | no | |||
| 0025-invalid-configuration-exit-status.patch | Fix the exit status when Tomcat terminates because the configuration is invalid | Emmanuel Bourg <ebourg@apache.org> | yes | upstream | ||
| 0026-easymock4-compatibility.patch | Fixes the compatibility with the version of Easymock in Debian | Emmanuel Bourg <ebourg@apache.org> | no | |||
| 0027-java11-compilation.patch | Fixes the compilation with Java 11 | Emmanuel Bourg <ebourg@apache.org> | no | |||
| CVE-2021-30640.patch | CVE-2021-30640 | Markus Koschany <apo@debian.org> | no | debian | https://github.com/apache/tomcat/commit/3ce84512ed8783577d9945df28da5a033465b945 | 2021-08-06 |
| CVE-2021-33037.patch | CVE-2021-33037 | Markus Koschany <apo@debian.org> | no | debian | https://github.com/apache/tomcat/commit/a2c3dc4c96168743ac0bab613709a5bbdaec41d0 | 2021-08-06 |
| CVE-2021-41079.patch | CVE-2021-41079 | Markus Koschany <apo@debian.org> | no | https://github.com/apache/tomcat/commit/d4b340fa8feaf55831f9a59350578f7b6ca048b8 | 2021-09-25 | |
| CVE-2021-42340.patch | CVE-2021-42340 | Markus Koschany <apo@debian.org> | no | https://github.com/apache/tomcat/commit/80f1438ec45e77a07b96419808971838d259eb47 | 2021-11-12 | |
| CVE-2022-23181.patch | CVE-2022-23181 | Markus Koschany <apo@debian.org> | no | https://github.com/apache/tomcat/commit/1385c624b4a1e994426e810075c850edc38a700e | 2022-10-25 | |
| CVE-2022-29885.patch | CVE-2022-29885 | Markus Koschany <apo@debian.org> | no | https://github.com/apache/tomcat/commit/eaafd28296c54d983e28a47953c1f5cb2c334f48 | 2022-10-25 | |
| CVE-2021-43980.patch | CVE-2021-43980 | Markus Koschany <apo@debian.org> | no | https://github.com/apache/tomcat/commit/170e0f792bd18ff031677890ba2fe50eb7a376c1 | 2022-10-29 | |
| CVE-2022-42252.patch | CVE-2022-42252 | Markus Koschany <apo@debian.org> | no | https://github.com/apache/tomcat/commit/4c7f4fd09d2cc1692112ef70b8ee23a7a037ae77 | 2023-04-05 | |
| CVE-2022-45143.patch | CVE-2022-45143 | Markus Koschany <apo@debian.org> | no | https://github.com/apache/tomcat/commit/b336f4e58893ea35114f1e4a415657f723b1298e | 2023-04-05 | |
| CVE-2023-24998.patch | Update packaged renamed fork of Commons File Upload | no | upstream, https://github.com/apache/tomcat/commit/cf77cc545de0488fb89e24294151504a7432df74 | |||
| CVE-2023-28708.patch | CVE-2023-28708 | Markus Koschany <apo@debian.org> | no | debian | https://github.com/apache/tomcat/commit/3b51230764da595bb19e8d0962dd8c69ab40dfab | 2023-04-05 |
| CVE-2023-28709.patch | Fix parameter counting logic | no | upstream, https://github.com/apache/tomcat/commit/fbd81421629afe8b8a3922d59020cde81caea861 | |||
| CVE-2023-41080.patch | Avoid protocol relative redirects | no | upstream, https://github.com/apache/tomcat/commit/77c0ce2d169efa248b64b992e547aad549ec906b.patch | |||
| CVE-2023-42795.patch | Improve handling of failures during recycle() methods | no | upstream, https://github.com/apache/tomcat/commit/44d05d75d696ca10ce251e4e370511e38f20ae75 | |||
| CVE-2023-44487.patch | Improvements to HTTP/2 overhead protection. https://github.com/apache/tomcat/commit/94480483910f2d19561e88fb194d7b415bb527da https://github.com/apache/tomcat/commit/caafb952f77107fb4730546e60bf5d7756ef4c5a https://github.com/apache/tomcat/commit/3f0efca913b09fa3a3d9c246cc29045ac8a2befe https://github.com/apache/tomcat/commit/c551ecaa1ba4ffe50a67009a9c94efb03439ae8b https://github.com/apache/tomcat/commit/6d1a9fd6642387969e4410b9989c85856b74917a |
no | backport, https://github.com/apache/tomcat/commit/30cae120a61f075b1712f2e8da4daa23f1135c83 | |||
| CVE-2023-45648.patch | Align processing of trailer headers with standard processing | no | upstream, https://github.com/apache/tomcat/commit/59583245639d8c42ae0009f4a4a70464d3ea70a0 |