This update includes a rebase from 9.0.30 up to 9.0.31 which resolves one CVE along with various other bugs/features:
WARNING - This update does not enforce the change in defaults for the AJP Connector like the upstream fix does. This is done to prevent breakage of current installations, but it is highly advised to review your AJP Connector configuration to ensure that it is only accessible by your proxy! For more information see the Tomcat Security Page and the Tomcat Security Considerations Document.
Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:
sudo dnf upgrade --refresh --advisory=FEDORA-2020-0e42878ba7
Please login to add feedback.