Note on Recent Tomcat Releases
The changelogs for the Tomcat releases of the past few days may not have made clear that these newer releases also address some security vulnerabilities, which makes upgrading to them all the more important.
Although some of these may have been fixed a point release or two earlier, the following security vulnerabilities have been addressed in the recent Tomcat 5.5.32, Tomcat 6.0.32, and Tomcat 7.0.8 releases:
CVE-2011-0013 Apache Tomcat Manager XSS vulnerability
CVE-2011-0534 Apache Tomcat DoS vulnerability
Oracle JVM bug causes denial of service in Apache Tomcat
CVE-2010-3718 Apache Tomcat Local bypass of security manager file permissions
