From 64fc796b989ad7e2f7b445b303c18d6a67e99196 Mon Sep 17 00:00:00 2001
From: Bitnami Bot
Date: Tue, 25 Apr 2023 15:16:12 +0200
Subject: [PATCH] [bitnami/tomcat] Release 9.0.74-debian-11-r3 (#31608)
Signed-off-by: Bitnami Containers
---
 bitnami/tomcat/9.0/debian-11/Dockerfile | 6 ++--
 .../opt/bitnami/.bitnami_components.json | 2 +-
 .../rootfs/opt/bitnami/scripts/libtomcat.sh | 31 ++++++++++++++-----
 3 files changed, 28 insertions(+), 11 deletions(-)
diff --git a/bitnami/tomcat/9.0/debian-11/Dockerfile b/bitnami/tomcat/9.0/debian-11/Dockerfile
index 9b8c6a7068a7..c0a606633a3f 100644
--- a/bitnami/tomcat/9.0/debian-11/Dockerfile
+++ b/bitnami/tomcat/9.0/debian-11/Dockerfile
@@ -5,10 +5,10 @@ ARG TARGETARCH
 LABEL com.vmware.cp.artifact.flavor="sha256:109c7d51bd69bb6b3df71017440c1ea0699454f81fe188056c083f0b57c96ea6" \
 org.opencontainers.image.base.name="docker.io/bitnami/minideb:bullseye" \
- org.opencontainers.image.created="2023-04-23T13:40:36Z" \
+ org.opencontainers.image.created="2023-04-25T12:52:34Z" \
 org.opencontainers.image.description="Application packaged by VMware, Inc" \
 org.opencontainers.image.licenses="Apache-2.0" \
- org.opencontainers.image.ref.name="9.0.74-debian-11-r2" \
+ org.opencontainers.image.ref.name="9.0.74-debian-11-r3" \
 org.opencontainers.image.title="tomcat" \
 org.opencontainers.image.vendor="VMware, Inc." \
 org.opencontainers.image.version="9.0.74"
@@ -25,7 +25,7 @@ RUN install_packages ca-certificates curl libssl1.1 procps xmlstarlet zlib1g
 RUN mkdir -p /tmp/bitnami/pkg/cache/ && cd /tmp/bitnami/pkg/cache/ && \
 COMPONENTS=( \
 "java-11.0.19-7-1-linux-${OS_ARCH}-debian-11" \
- "tomcat-9.0.74-1-linux-${OS_ARCH}-debian-11" \
+ "tomcat-9.0.74-2-linux-${OS_ARCH}-debian-11" \
 "render-template-1.0.5-5-linux-${OS_ARCH}-debian-11" \
 ) && \
 for COMPONENT in "${COMPONENTS[@]}"; do \
diff --git a/bitnami/tomcat/9.0/debian-11/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/tomcat/9.0/debian-11/prebuildfs/opt/bitnami/.bitnami_components.json
index e13829692a00..11602cb50ba8 100644
--- a/bitnami/tomcat/9.0/debian-11/prebuildfs/opt/bitnami/.bitnami_components.json
+++ b/bitnami/tomcat/9.0/debian-11/prebuildfs/opt/bitnami/.bitnami_components.json
@@ -15,6 +15,6 @@
 "arch": "amd64",
 "distro": "debian-11",
 "type": "NAMI",
- "version": "9.0.74-1"
+ "version": "9.0.74-2"
 }
 }
\ No newline at end of file
diff --git a/bitnami/tomcat/9.0/debian-11/rootfs/opt/bitnami/scripts/libtomcat.sh b/bitnami/tomcat/9.0/debian-11/rootfs/opt/bitnami/scripts/libtomcat.sh
index 64218cce29b2..2398fec812de 100644
--- a/bitnami/tomcat/9.0/debian-11/rootfs/opt/bitnami/scripts/libtomcat.sh
+++ b/bitnami/tomcat/9.0/debian-11/rootfs/opt/bitnami/scripts/libtomcat.sh
@@ -132,6 +132,24 @@ tomcat_enable_ajp() {
 fi
 }
+########################
+# Enable a specific Tomcat application for public access
+# Globals:
+# TOMCAT_*
+# Arguments:
+# $1 - Tomcat application to enable
+# Returns:
+# None
+#########################
+tomcat_enable_application() {
+ local application="${1:?missing application}"
+ # Access control is configured in the application's context.xml with a Valve element
+ # context.xml docs: https://tomcat.apache.org/tomcat-9.0-doc/config/context.html
+ # Valve docs for Access Control: https://tomcat.apache.org/tomcat-9.0-doc/config/valve.html#Access_Control
+ [[ -f "${TOMCAT_WEBAPPS_DIR}/${application}/META-INF/context.xml" ]] || return
+ xmlstarlet ed -S --inplace --update '//Valve/@allow' --value '\d+\.\d+\.\d+\.\d+' "${TOMCAT_WEBAPPS_DIR}/${application}/META-INF/context.xml"
+}
+
 ########################
 # Ensure Tomcat is initialized
 # Globals:
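Review bot: In `tomcat_enable_application`, the bare `return` after the failed `[[ -f … ]]` test propagates that test's exit status, so the function returns 1 whenever the application has no `META-INF/context.xml`; the loop it replaces used `|| continue`, which left a zero status. The second libtomcat.sh hunk calls the function as a plain statement for `examples` and `docs` after the branch that can skip deploying the default webapps, so if the calling scripts run with errexit (not visible here) a missing file would abort initialization. Make the skip explicit with `[[ -f "${TOMCAT_WEBAPPS_DIR}/${application}/META-INF/context.xml" ]] || return 0`. The header comment should also say that the function rewrites the `allow` attribute of every `Valve` in that file to a pattern matching any IPv4 address and is a no-op when the file is absent, since "Returns: None" documents neither.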
@@ -187,15 +205,14 @@ EOF
 info "Skipping deployment of default webapps"
 fi
- # Access control is configured in the application's context.xml with a Valve element
- # context.xml docs: https://tomcat.apache.org/tomcat-9.0-doc/config/context.html
- # Valve docs for Access Control: https://tomcat.apache.org/tomcat-9.0-doc/config/valve.html#Access_Control
+ # These applications have been enabled for historical reasons, and do not pose any security threat
+ tomcat_enable_application examples
+ tomcat_enable_application docs
 if is_boolean_yes "$TOMCAT_ALLOW_REMOTE_MANAGEMENT"; then
+ # These applications should not be enabled by default, for security reasons
 info "Enabling remote connections for manager and host-manager applications"
- for application in manager host-manager examples docs; do
- [[ -f "${TOMCAT_WEBAPPS_DIR}/${application}/META-INF/context.xml" ]] || continue
- xmlstarlet ed -S --inplace --update '//Valve/@allow' --value '\d+\.\d+\.\d+\.\d+' "${TOMCAT_WEBAPPS_DIR}/${application}/META-INF/context.xml"
- done
+ tomcat_enable_application manager
+ tomcat_enable_application host-manager
 fi
 fi
 }
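Review bot: The two new `tomcat_enable_application` calls for `examples` and `docs` sit outside the `is_boolean_yes "$TOMCAT_ALLOW_REMOTE_MANAGEMENT"` check, so those applications are now opened to any IPv4 client on every initialization, whereas the removed loop only did so when remote management was switched on. The comment's claim that they "do not pose any security threat" is stronger than Tomcat's own security guidance, which advises removing the examples application from security-sensitive installations. Consider putting these two calls behind an opt-in setting, or at least state the exposure plainly, e.g. `# examples and docs are opened to all IPv4 clients regardless of TOMCAT_ALLOW_REMOTE_MANAGEMENT; remove or restrict them in production`. The enclosing function begins before this hunk, so the surrounding conditions are only partly visible.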