Author: markt Date: Fri Jan 27 09:48:50 2017 New Revision: 1780528 URL: http://svn.apache.org/viewvc?rev=1780528&view=rev Log: Update the fix versions and release dates now the votes for 8.0.x and 7..x have passed. Add the usual text regarding fixes in releases where the release vote did not pass.
Modified: tomcat/site/trunk/docs/security-6.html tomcat/site/trunk/docs/security-7.html tomcat/site/trunk/docs/security-8.html tomcat/site/trunk/xdocs/security-6.xml tomcat/site/trunk/xdocs/security-7.xml tomcat/site/trunk/xdocs/security-8.xml Modified: tomcat/site/trunk/docs/security-6.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-6.html?rev=1780528&r1=1780527&r2=1780528&view=diff ============================================================================== --- tomcat/site/trunk/docs/security-6.html (original) +++ tomcat/site/trunk/docs/security-6.html Fri Jan 27 09:48:50 2017 @@ -219,7 +219,7 @@ <a href="#Apache_Tomcat_6.x_vulnerabilities">Apache Tomcat 6.x vulnerabilities</a> </li> <li> -<a href="#Fixed_in_Apache_Tomcat_6.0.49">Fixed in Apache Tomcat 6.0.49</a> +<a href="#Fixed_in_Apache_Tomcat_6.0.50">Fixed in Apache Tomcat 6.0.50</a> </li> <li> <a href="#Fixed_in_Apache_Tomcat_6.0.48">Fixed in Apache Tomcat 6.0.48</a> @@ -340,12 +340,21 @@ </div> -<h3 id="Fixed_in_Apache_Tomcat_6.0.49"> -<span style="float: right;">not yet released</span> Fixed in Apache Tomcat 6.0.49</h3> +<h3 id="Fixed_in_Apache_Tomcat_6.0.50"> +<span style="float: right;">not yet released</span> Fixed in Apache Tomcat 6.0.50</h3> <div class="text"> <p> +<i>Note: The issue below was fixed in Apache Tomcat 6.0.49 but the + release vote for the 6.0.49 release candidate did not pass. Therefore, + although users must download 6.0.50 to obtain a version that includes + the fix for this issue, version 6.0.49 is not included in the list of + affected versions.</i> +</p> + + +<p> <strong>Important: Information Disclosure</strong> <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8745" rel="nofollow">CVE-2016-8745</a> </p> Modified: tomcat/site/trunk/docs/security-7.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-7.html?rev=1780528&r1=1780527&r2=1780528&view=diff ============================================================================== --- tomcat/site/trunk/docs/security-7.html (original) +++ tomcat/site/trunk/docs/security-7.html Fri Jan 27 09:48:50 2017 @@ -219,7 +219,7 @@ <a href="#Apache_Tomcat_7.x_vulnerabilities">Apache Tomcat 7.x vulnerabilities</a> </li> <li> -<a href="#Fixed_in_Apache_Tomcat_7.0.74">Fixed in Apache Tomcat 7.0.74</a> +<a href="#Fixed_in_Apache_Tomcat_7.0.75">Fixed in Apache Tomcat 7.0.75</a> </li> <li> <a href="#Fixed_in_Apache_Tomcat_7.0.73">Fixed in Apache Tomcat 7.0.73</a> @@ -366,8 +366,8 @@ </div> -<h3 id="Fixed_in_Apache_Tomcat_7.0.74"> -<span style="float: right;">not yet released</span> Fixed in Apache Tomcat 7.0.74</h3> +<h3 id="Fixed_in_Apache_Tomcat_7.0.75"> +<span style="float: right;">24 January 2017</span> Fixed in Apache Tomcat 7.0.75</h3> <div class="text"> @@ -377,6 +377,15 @@ </p> +<p> +<i>Note: The issue below was fixed in Apache Tomcat 7.0.74 but the + release vote for the 7.0.74 release candidate did not pass. Therefore, + although users must download 7.0.75 to obtain a version that includes + the fix for this issue, version 7.0.74 is not included in the list of + affected versions.</i> +</p> + + <p>A bug in the error handling of the send file code for the NIO HTTP connector resulted in the current Processor object being added to the Processor cache multiple times. This in turn meant that the same Modified: tomcat/site/trunk/docs/security-8.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-8.html?rev=1780528&r1=1780527&r2=1780528&view=diff ============================================================================== --- tomcat/site/trunk/docs/security-8.html (original) +++ tomcat/site/trunk/docs/security-8.html Fri Jan 27 09:48:50 2017 @@ -219,7 +219,7 @@ <a href="#Apache_Tomcat_8.x_vulnerabilities">Apache Tomcat 8.x vulnerabilities</a> </li> <li> -<a href="#Fixed_in_Apache_Tomcat_8.0.40">Fixed in Apache Tomcat 8.0.40</a> +<a href="#Fixed_in_Apache_Tomcat_8.0.41">Fixed in Apache Tomcat 8.0.41</a> </li> <li> <a href="#Fixed_in_Apache_Tomcat_8.5.9">Fixed in Apache Tomcat 8.5.9</a> @@ -318,12 +318,21 @@ </div> -<h3 id="Fixed_in_Apache_Tomcat_8.0.40"> -<span style="float: right;">not yet released</span> Fixed in Apache Tomcat 8.0.40</h3> +<h3 id="Fixed_in_Apache_Tomcat_8.0.41"> +<span style="float: right;">24 January 2017</span> Fixed in Apache Tomcat 8.0.41</h3> <div class="text"> <p> +<i>Note: The issue below was fixed in Apache Tomcat 8.0.40 but the + release vote for the 8.0.40 release candidate did not pass. Therefore, + although users must download 8.0.41 to obtain a version that includes + the fix for this issue, version 8.0.40 is not included in the list of + affected versions.</i> +</p> + + +<p> <strong>Important: Information Disclosure</strong> <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8745" rel="nofollow">CVE-2016-8745</a> </p> Modified: tomcat/site/trunk/xdocs/security-6.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-6.xml?rev=1780528&r1=1780527&r2=1780528&view=diff ============================================================================== --- tomcat/site/trunk/xdocs/security-6.xml (original) +++ tomcat/site/trunk/xdocs/security-6.xml Fri Jan 27 09:48:50 2017 @@ -48,7 +48,13 @@ </section> - <section name="Fixed in Apache Tomcat 6.0.49" rtext="not yet released"> + <section name="Fixed in Apache Tomcat 6.0.50" rtext="not yet released"> + + <p><i>Note: The issue below was fixed in Apache Tomcat 6.0.49 but the + release vote for the 6.0.49 release candidate did not pass. Therefore, + although users must download 6.0.50 to obtain a version that includes + the fix for this issue, version 6.0.49 is not included in the list of + affected versions.</i></p> <p><strong>Important: Information Disclosure</strong> <cve>CVE-2016-8745</cve></p> Modified: tomcat/site/trunk/xdocs/security-7.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-7.xml?rev=1780528&r1=1780527&r2=1780528&view=diff ============================================================================== --- tomcat/site/trunk/xdocs/security-7.xml (original) +++ tomcat/site/trunk/xdocs/security-7.xml Fri Jan 27 09:48:50 2017 @@ -50,11 +50,17 @@ </section> - <section name="Fixed in Apache Tomcat 7.0.74" rtext="not yet released"> + <section name="Fixed in Apache Tomcat 7.0.75" rtext="24 January 2017"> <p><strong>Important: Information Disclosure</strong> <cve>CVE-2016-8745</cve></p> + <p><i>Note: The issue below was fixed in Apache Tomcat 7.0.74 but the + release vote for the 7.0.74 release candidate did not pass. Therefore, + although users must download 7.0.75 to obtain a version that includes + the fix for this issue, version 7.0.74 is not included in the list of + affected versions.</i></p> + <p>A bug in the error handling of the send file code for the NIO HTTP connector resulted in the current Processor object being added to the Processor cache multiple times. This in turn meant that the same Modified: tomcat/site/trunk/xdocs/security-8.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-8.xml?rev=1780528&r1=1780527&r2=1780528&view=diff ============================================================================== --- tomcat/site/trunk/xdocs/security-8.xml (original) +++ tomcat/site/trunk/xdocs/security-8.xml Fri Jan 27 09:48:50 2017 @@ -50,7 +50,13 @@ </section> - <section name="Fixed in Apache Tomcat 8.0.40" rtext="not yet released"> + <section name="Fixed in Apache Tomcat 8.0.41" rtext="24 January 2017"> + + <p><i>Note: The issue below was fixed in Apache Tomcat 8.0.40 but the + release vote for the 8.0.40 release candidate did not pass. Therefore, + although users must download 8.0.41 to obtain a version that includes + the fix for this issue, version 8.0.40 is not included in the list of + affected versions.</i></p> <p><strong>Important: Information Disclosure</strong> <cve>CVE-2016-8745</cve></p> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org