Release Notes / Version 11.2310
Table Of ContentsTomcat has been updated to version 9.0.71 (see Changelog Tomcat 9.0.71) to prevent known vulnerabilities.
Please be aware that Tomcat >= 9.0.69 serves cookies with dates
formatted as required by RFC 6265 (see
Changelog
Tomcat 9.0.69). This may have to be respected in HTTP client
implementations. When e.g. the Apache HttpClient
is used and cookies are retrieved via the
CookieStore,
the cookie specification must be set to standard
-
see
RequestConfig.Builder#setCookieSpec
and
CookieSpecs.
Furthermore, the properties for the Tomcat versions have been
consolidated. There's no need to use different properties for Tomcat
and Embedded Tomcat dependencies, hence the
tomcat.embed.version
properties have been dropped
and Tomcat versions are now uniquely configured with the
tomcat.version
property.
(CMS-22521)