Bug#846298: tomcat7: Security update causes java.lang.ClassNotFoundException: org.apache.jasper.runtime.JspRuntimeLibrary$PrivilegedIntrospectHelper
Emmanuel Bourg
ebourg at apache.org
Mon Dec 5 14:20:58 UTC 2016
Hi Anthony,
Thank you for reporting this issue. This was caused by the fix for
CVE-2016-5018 in the version 7.0.56-3+deb8u5 which removed the inner
class PrivilegedIntrospectHelper. This issue was fixed upstream [1] but
the extra commit [2] wasn't documented on the Tomcat 7 security page
[3]. The tomcat8 package seems to be affected by the same issue. I'll
fix this in the next update.
Emmanuel Bourg
[1] https://bz.apache.org/bugzilla/show_bug.cgi?id=60101
[2] https://svn.apache.org/r1760309
[3] https://tomcat.apache.org/security-7.html
More information about the pkg-java-maintainers
mailing list