0 views collected around this technical thread.
Apache Tomcat 10.1.10 has been released, bringing Jakarta EE 10 support, automatic migration of Java EE apps via the Jakarta EE Migration Tool, and notable updates such as virtual thread support, RFC‑9218 HTTP/2 priority, deprecation of xssProtectionEnabled, and an upgraded Tomcat Native 2.0.4 with OpenSSL 3.0.9.
Apache Tomcat 10.0.10 has been officially released, adding Jakarta EE 9 platform specifications, a migration tool for Java EE applications, and important fixes such as HTTP/2 flow‑control regression, TLS connection hangs with NIO, and restored JMX support for GraalVM native images.
This article analyzes the high‑severity Apache Tomcat AJP file‑inclusion vulnerability (CVE‑2020‑1938), detailing affected versions, the underlying code flaw, how attackers can read arbitrary files and achieve remote code execution, and provides concrete upgrade recommendations to mitigate the risk.
The article details the high‑severity Apache Tomcat AJP file‑inclusion vulnerability (CVE‑2020‑1938), explains how it enables arbitrary file read and remote code execution on vulnerable Tomcat versions, and provides remediation steps including upgrading to patched releases.