Upstream announced a security fix in Tomcat 8.0.48 on January 31:
Cauldron was just updated to 8.0.49 by David today.
Done also for mga6.
Updated tomcat packages fix security vulnerability:
In Tomcat 8.0.45, the description of the search algorithm used by the CGI
Servlet to identify which script to execute was updated. The update was not
correct. As a result, some scripts may have failed to execute as expected and
other scripts may have been executed unexpectedly. Note that the behaviour of
the CGI servlet has remained unchanged in this regard. It is only the
documentation of the behaviour that was wrong and has been corrected
Updated packages in core/updates_testing:
MGA6-64 on Lenovo B50 Plasma
No installation issues
Examples work perfectly, and access to tomcat homepage on localhost is OK, but I cann't get the tomcat users configuration right to get into the manager app.
The relevant section of tomcat-users.xml reads:
<user username="tomcat" password="tomcat" roles="tomcat,manager-gui,admin-gui"/>
<user username="both" password="<must-be-changed>" roles="tomcat,role1"/>
<user username="role1" password="tomcat" roles="role1"/>
<user name="admin" password="tomcat" roles="admin,manager,admin-gui,admin-script,manager-gui,manager-script,manager-jmx,manager-status" />
and I fail to see the obvious(?) mistake.