ea-tomcat101 (10.1.52-1+2.1.cpanel) stable; urgency=low

  * EA-13328: Update ea-tomcat101 from v10.1.50 to v10.1.52

 -- Cory McIntire <cory.mcintire@webpros.com>  Wed, 28 Jan 2026 00:00:00 -0000

ea-tomcat101 (10.1.50-1) stable; urgency=low

  * EA-13285: Update ea-tomcat101 from v10.1.49 to v10.1.50

 -- Cory McIntire <cory.mcintire@webpros.com>  Tue, 09 Dec 2025 00:00:00 -0000

ea-tomcat101 (10.1.49-1) stable; urgency=low

  * EA-13257: Update ea-tomcat101 from v10.1.48 to v10.1.49

 -- Cory McIntire <cory.mcintire@webpros.com>  Wed, 12 Nov 2025 00:00:00 -0000

ea-tomcat101 (10.1.48-1) stable; urgency=low

  * EA-13223: Update ea-tomcat101 from v10.1.47 to v10.1.48

 -- Cory McIntire <cory.mcintire@webpros.com>  Tue, 21 Oct 2025 00:00:00 -0000

ea-tomcat101 (10.1.47-1) stable; urgency=low

  * EA-13187: Update ea-tomcat101 from v10.1.46 to v10.1.47

 -- Cory McIntire <cory.mcintire@webpros.com>  Thu, 09 Oct 2025 00:00:00 -0000

ea-tomcat101 (10.1.46-1) stable; urgency=low

  * EA-13164: Update ea-tomcat101 from v10.1.45 to v10.1.46

 -- Cory McIntire <cory.mcintire@webpros.com>  Mon, 06 Oct 2025 00:00:00 -0000

ea-tomcat101 (10.1.45-1) stable; urgency=low

  * EA-13090: Update ea-tomcat101 from v10.1.44 to v10.1.45

 -- Cory McIntire <cory.mcintire@webpros.com>  Mon, 08 Sep 2025 00:00:00 -0000

ea-tomcat101 (10.1.44-1) stable; urgency=low

  * EA-13066: Update ea-tomcat101 from v10.1.43 to v10.1.44

 -- Cory McIntire <cory.mcintire@webpros.com>  Thu, 07 Aug 2025 00:00:00 -0000

ea-tomcat101 (10.1.43-1) stable; urgency=low

  * EA-13004: Update ea-tomcat101 from v10.1.42 to v10.1.43

 -- Cory McIntire <cory.mcintire@webpros.com>  Tue, 08 Jul 2025 00:00:00 -0000

ea-tomcat101 (10.1.42-1) stable; urgency=low

  * EA-12927: Update ea-tomcat101 from v10.1.41 to v10.1.42
  * [CVE-2025-48976] Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload
  * [CVE-2025-48988] Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat
  * [CVE-2025-49125] Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat
  * [CVE-2025-49124] Untrusted Search Path vulnerability in Apache Tomcat installer for Windows. During installation, the Tomcat installer for Windows used icacls.exe without specifying a full path.

 -- Cory McIntire <cory.mcintire@webpros.com>  Tue, 10 Jun 2025 00:00:00 -0000

ea-tomcat101 (10.1.41-1) stable; urgency=low

  * EA-12865: Update ea-tomcat101 from v10.1.40 to v10.1.41

 -- Cory McIntire <cory.mcintire@webpros.com>  Tue, 13 May 2025 00:00:00 -0000

ea-tomcat101 (10.1.40-1) stable; urgency=low

  * EA-12806: Update ea-tomcat101 from v10.1.39 to v10.1.40
  * Important: Denial of Service via invalid HTTP priority header CVE-2025-31650
  * Low: Rewrite rule bypass CVE-2025-31651

 -- Cory McIntire <cory.mcintire@webpros.com>  Wed, 09 Apr 2025 00:00:00 -0000

ea-tomcat101 (10.1.39-1) stable; urgency=low

  * EA-12756: Update ea-tomcat101 from v10.1.36 to v10.1.39
  * Improve the checks for exposure to and protection against CVE-2024-56337 so that reflection is not used unless required.
  * Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet - CVE-2025-24813

 -- Cory McIntire <cory.mcintire@webpros.com>  Mon, 10 Mar 2025 00:00:00 -0000

ea-tomcat101 (10.1.36-1) stable; urgency=low

  * EA-12722: Update ea-tomcat101 from v10.1.35 to v10.1.36

 -- Cory McIntire <cory.mcintire@webpros.com>  Wed, 19 Feb 2025 00:00:00 -0000

ea-tomcat101 (10.1.35-1) stable; urgency=low

  * EA-12693: Update ea-tomcat101 from v10.1.34 to v10.1.35
  * Add a check to ensure that, if one or more web applications are potentially vulnerable to CVE-2024-56337, the JVM has been configured to protect against the vulnerability and to configure the JVM correctly if not. Where one or more web applications are potentially vulnerable to CVE-2004-56337 and the JVM cannot be correctly configured or it cannot be confirmed that the JVM has been correctly configured, prevent the impacted web applications from starting.

 -- Cory McIntire <cory.mcintire@webpros.com>  Mon, 10 Feb 2025 00:00:00 -0000

ea-tomcat101 (10.1.34-1) stable; urgency=low

  * EA-12606: Update ea-tomcat101 from v10.1.33 to v10.1.34
  * CVE-2024-54677: Apache Tomcat: DoS in examples web application
  * CVE-2024-50379: Apache Tomcat: RCE due to TOCTOU issue in JSP compilation

 -- Cory McIntire <cory@cpanel.net>  Tue, 10 Dec 2024 00:00:00 -0000

ea-tomcat101 (10.1.33-1) stable; urgency=low

  * EA-12555: Update ea-tomcat101 from v10.1.30 to v10.1.33
  * CVE-2024-52316: Apache Tomcat: Authentication bypass when using Jakarta Authentication API
  * CVE-2024-52317: Apache Tomcat: Request/response mix-up with HTTP/2
  * CVE-2024-52318: Apache Tomcat: Incorrect JSP tag recycling leads to XSS

 -- Cory McIntire <cory@cpanel.net>  Mon, 18 Nov 2024 00:00:00 -0000

ea-tomcat101 (10.1.30-1) stable; urgency=low

  * EA-12394: Update ea-tomcat101 from v10.1.28 to v10.1.30

 -- Cory McIntire <cory@cpanel.net>  Tue, 17 Sep 2024 00:00:00 -0000

ea-tomcat101 (10.1.28-1) stable; urgency=low

  * EA-12325: Update ea-tomcat101 from v10.1.26 to v10.1.28

 -- Cory McIntire <cory@cpanel.net>  Tue, 06 Aug 2024 00:00:00 -0000

ea-tomcat101 (10.1.26-1) stable; urgency=low

  * EA-12290: Update ea-tomcat101 from v10.1.24 to v10.1.26

 -- Cory McIntire <cory@cpanel.net>  Thu, 18 Jul 2024 00:00:00 -0000

ea-tomcat101 (10.1.24-1) stable; urgency=low

  * EA-12147: Update ea-tomcat101 from v10.1.20 to v10.1.24

 -- Cory McIntire <cory@cpanel.net>  Mon, 13 May 2024 00:00:00 -0000

ea-tomcat101 (10.1.20-1) stable; urgency=low

  * EA-12081: Update ea-tomcat101 from v10.1.10 to v10.1.20

 -- Cory McIntire <cory@cpanel.net>  Wed, 10 Apr 2024 00:00:00 -0000

ea-tomcat101 (10.1.10-2) stable; urgency=low

  * ZC-11732: Add SSL and Port information. Clarify role in support and docs

 -- Dan Muey <dan@cpanel.net>  Thu, 28 Mar 2024 00:00:00 -0000

ea-tomcat101 (10.1.10-1) stable; urgency=low

  * ZC-11053: Initial Build

 -- Julian Brown <julian.brown@cpanel.net>  Mon, 31 Jul 2023 00:00:00 -0000

