ELA-1615-2 tomcat9 regression update

regression update

2026-02-03

Package	tomcat9
Version	9.0.107-0+deb10u2 (buster)

The tomcat9 security update, released as ELA-1615-1, introduced a regression. Several classes were missing in tomcat9-jasper-el.jar and tomcat9-embed-el.jar due to toolchain changes between version 9.0.31 and 9.0.107 which required a newer version of bnd, a tool to create and diagnose OSGi bundles. Those classes have been restored.

For Debian 10 buster, these problems have been fixed in version 9.0.107-0+deb10u2.

We recommend that you upgrade your tomcat9 packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.