Le 30/05/2016 à 00:12, Markus Koschany a écrit : > I have prepared a security update for Tomcat 8 fixing 7 CVEs. In > addition I would like to fix #825786. We currently overwrite file > permissions in /etc/tomcat8/ unconditionally which could break user > specific changes on upgrade. The fix is to revert to default file > permissions root:root (rw-r-r) and change only > /etc/tomcat8/tomcat-users.xml.
Thank you for fixing the CVEs Markus, I was about to handle them. Regarding #825786 I'm not sure about the suggested fix. Tomcat has to be able to write to /etc/tomcat8/Catalina and the group change will prevent that (the postinst script runs chmod 775 on /etc/tomcat8/Catalina). Emmanuel Bourg
