Hi Remy, Are these security bugs existing in all versions of Tomcat 4 prior to 4.1.27 ? Or was there a version of Tomcat where these were introduced ? I couldnt find the reference to these security issues on the tomcat web site section mentioning the 4.1.27 release. This information will be very much useful since we may need to redeploy our free HPUX Tomcat distribution to customers.
Thanks, --Roshan > -----Original Message----- > From: Remy Maucherat [mailto:[EMAIL PROTECTED] > Sent: Thursday, July 31, 2003 10:59 PM > To: [EMAIL PROTECTED]; Tomcat Developers List; > [EMAIL PROTECTED] > Subject: [ANN] Apache Tomcat 4.1.27 Stable released > > > The Tomcat Team announces the immediate availability of Apache Tomcat > 4.1.27 Stable. Among other bugfixes and improvements, Tomcat 4.1.27 > includes security fixes for: > > - Improper recycling of SSL client certificates with Coyote JK 2 > - Improper handling of invalid content lengths in requests, > causing HTTP > processors to be left in an invalid state in Coyote HTTP/1.1, > causing a > DoS condition > - URI normalization bug in Coyote > - Improper handling of certain URLs in Coyote JK 2, causing a > DoS condition > > Downloads: http://jakarta.apache.org/site/binindex.cgi > > Remy > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
