- Related: CVE-2013-1976 It was found during additional testing
- that the tomcat5 init may fail to start because the user
- shell is set to sbin/nologin. Fixed in init scrip. SU now
- uses -s /bin/sh during startup

- Resolves: CVE-2012-3439 rhbz#882008 three DIGEST authentication
- implementation
- Resolves: CVE-2012-3546, rhbz#913034 Bypass of security constraints.
- Remove unneeded handling of FORM authentication in RealmBase

- Related: rhbz#543995

- Resolves: CVE-2012 regression. Changed patch file.

- Resolves: CVE-2011-0013 rhbz 675931
- Resolves: CVE-2010-3718 rhbz 675931
- Resolves: CVE-2011-1184 rhbz 744983
- Resolves: CVE-2011-2204 rhbz 719181

- Resolves: rhbz 717456, rhbz 717459

- Resolves: rhbz 674599 JDK Double.parseDouble DoS

- Resolves: rhbz 623465 - NPE and ConcurrentModification Exception

- Resolves: rhbz#623813 - NullPointerException on startup
- Resolves: rhbz#623465 - Crash on startup using Catalina/localhost/context.xml
- Still has startup issues (http404) on first request. The second request will
- return http200

- Resolves: rhbz#619424 fixed servlet-api typo. serve4-api to servlet-api
- RHSA-2010:9748

- Actually add the patch files this time
  Resolves: rhbz#427779
  Resolves: rhbz#504758
  Resolves: rhbz#503980
  Resolves: rhbz#504162

- add patch for CVE-2008-1232
  Resolves: rhbz#457727
- add patch for CVE-2008-1947
  Resolves: rhbz#449916
- add patch for CVE-2008-2370
  Resolves: rhbz#458634
- add patch for CVE-2008-2938
  Resolves: rhbz#456214