Explore top 10 tips to secure your open-source projects now. Read More
×
This update for tomcat11 fixes the following issues
Update to Tomcat 11.0.23.
Security issues fixed:
- CVE-2026-50229: improper neutralization of script-related HTML tags in the number guess example (bsc#1269791).
- CVE-2026-53404: always-incorrect control flow implementation in the rewrite valve caused non-OR conditions to be
skipped if the first condition in an OR chain matched (bsc#1269910).
- CVE-2026-53434: error condition not handled when configuring CRLs for a FFM based connector (bsc#1269824).
- CVE-2026-55276: always-incorrect control flow implementation caused special roles and empty authorization constraints
to not be included when the effective web.xml was logged (bsc#1269909).
- CVE-2026-55955: improper authentication allows a replay attack against the EncryptionInterceptor in the cluster
component (bsc#1269908).
- CVE-2026-55956: improper authorization leads to security constraints specified for the default servlet ignoring any
method or method omission...
Read the Full Advisory- openSUSE Leap 16.0:
tomcat11-11.0.23-160000.1.1
tomcat11-admin-webapps-11.0.23-160000.1.1
tomcat11-doc-11.0.23-160000.1.1
tomcat11-docs-webapp-11.0.23-160000.1.1
tomcat11-el-6_0-api-11.0.23-160000.1.1
tomcat11-embed-11.0.23-160000.1.1
tomcat11-jsp-4_0-api-11.0.23-160000.1.1
tomcat11-jsvc-11.0.23-160000.1.1
tomcat11-lib-11.0.23-160000.1.1
tomcat11-servlet-6_1-api-11.0.23-160000.1.1
tomcat11-webapps-11.0.23-160000.1.1
* bsc#1232390
* bsc#1269791
* bsc#1269824
* bsc#1269907
* bsc#1269908
* bsc#1269909
* bsc#1269910
References:
* https://www.suse.com/security/cve/CVE-2026-50229.html
* https://www.suse.com/security/cve/CVE-2026-53404.html
* https://www.suse.com/security/cve/CVE-2026-53434.html
* https://www.suse.com/security/cve/CVE-2026-55276.html
* https://www.suse.com/security/cve/CVE-2026-55955.html
* https://www.suse.com/security/cve/CVE-2026-55956.html
Get the latest Linux and open source security news straight to your inbox.