LTS report June 2025
====================

1. tomcat9.:

   I finished the tomcat9 security update and incorporated the patches for new
   CVE which had only been reported in June. I switched to version 9.0.107 in order to
   fix 11 CVE in bullseye now. I successfully rebuilt all reverse-dependencies of
   tomcat9 in bullseye. I plan to release on Monday, 14.07.2025.

2. tomcat10.:

   I prepared a security update for tomcat10 fixing 8 CVE in bookworm which
   will eventually be the next LTS release of tomcat in Debian.

3. libcommons-fileupload-java.:

   I prepared a security update for the standalone libcommons-fileupload-java
   library fixing 2 CVE in bullseye. The fileupload library is also embedded into
   tomcat and the changes go hand in hand with the previous tomcat updates. Albeit of
   a less severe nature the security update will provide new upload settings to
   limit the possibility of denial-of-service attacks.

4. libowasp-esapi-java.:

   I have been working on a security update for libowasp-esapi-java, a library
   to provide a simple API for securing web applications, fixing 3 CVE in
   bullseye.

5. I have been LTS frontdesk from 30.06.2025 until 06.07.2025. Since most of
   the work was done in July, more details are included in the July report.