Resolves: rhbz#1814315 CVE-2020-1935 tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling

Resolves: CVE-2020-13935 tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS

Revert rhbz#1814315 because it caused other issues with ipa-server, see rhbz#1831127
Resolves: CVE-2020-9484 tomcat: Apache Tomcat Remote Code Execution via session persistence

Revert rhbz#1367492 because it caused issues with ipa-server, see rhbz#1831127

Resolves: rhbz#1367492 harden package permissions
Resolves: rhbz#1523112 tomcat systemd does not cope with - in service names
Resolves: rhbz#1629162 tomcat-dbcp.jar is missing from tomcat package
Resolves: rhbz#1822453 Tomcat parses a request having an absolute URI path incorrectly and returns 404 Not Found
Resolves: rhbz#1795645 connection leak with StatementCache, SlowQueryReport or StatementDecoratorInterceptor
Resolves: CVE-2019-17563 tomcat: session fixation when using FORM authentication

CVE-2020-1938 tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability

Resolves: rhbz#1748541 Bump tomcat release number

Resolves: rhbz#1641873 CVE-2018-11784 tomcat: Open redirect in default servlet
Resolves: rhbz#1552375 CVE-2018-1304 tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources
Resolves: rhbz#1552374 CVE-2018-1305 tomcat: Late application of security constraints can lead to resource exposure for unauthorised users
Resolves: rhbz#1590182 CVE-2018-8014 tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins
Resolves: rhbz#1608609 CVE-2018-8034 tomcat: host name verification missing in WebSocket client
Resolves: rhbz#1588703 Backport of Negative maxCookieCount value causes exception for Tomcat
Resolves: rhbz#1472950 shutdown_wait option is not working for Tomcat
Resolves: rhbz#1455483 Add support for characters "<" and ">" to the possible whitelist values

Resolves: rhbz#1608607 CVE-2018-1336 tomcat: A bug in the UTF 8 decoder can lead to DoS

Resolves: rhbz#1602060 Deadlock occurs while sending to a closing session

Related: rhbz#1505762 Remove erroneous useradd

Resolves: rhbz#1485453 man page uid and gid mismatch for service accounts
Resolves: rhbz#1505762 Problem to start tomcat with a user whose group has a name different to the user

Resolves: rhbz#1498343 CVE-2017-12615 CVE-2017-12617 tomcat: various flaws
Resolves: rhbz#1495655 CVE-2017-7674 tomcat: Vary header not added by CORS filter leading to cache poisoning
Resolves: rhbz#1470597 CVE-2017-5647 Add follow up revision

Resolves: rhbz#1459747 CVE-2017-5664 tomcat: Security constrained bypass in error page mechanism
Resolves: rhbz#1441481 CVE-2017-5647 tomcat: Incorrect handling of pipelined requests when send file was used

Resolves: rhbz#1414895 Rebase tomcat to the current release

Related: rhbz#1368122