Hi, I have prepared a security update for Tomcat 8 fixing 7 CVEs. In addition I would like to fix #825786. We currently overwrite file permissions in /etc/tomcat8/ unconditionally which could break user specific changes on upgrade. The fix is to revert to default file permissions root:root (rw-r-r) and change only /etc/tomcat8/tomcat-users.xml. Regards, Markus
Attachment:
tomcat8.debdiff.gz
Description: application/gzip
Attachment:
signature.asc
Description: OpenPGP digital signature