Author: markt
Date: Tue May 17 12:41:32 2011
New Revision: 1104200
URL: http://svn.apache.org/viewvc?rev=1104200&view=rev
Log:
Update for 7.0.14 release
Modified:
tomcat/site/trunk/docs/security-7.html
tomcat/site/trunk/xdocs/security-7.xml
Modified: tomcat/site/trunk/docs/security-7.html
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-7.html?rev=1104200&r1=1104199&r2=1104200&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-7.html (original)
+++ tomcat/site/trunk/docs/security-7.html Tue May 17 12:41:32 2011
@@ -215,6 +215,9 @@
<a href="#Apache_Tomcat_7.x_vulnerabilities">Apache Tomcat 7.x
vulnerabilities</a>
</li>
<li>
+<a href="#Fixed_in_Apache_Tomcat_7.0.14_(released_12_May_2011)">Fixed in
Apache Tomcat 7.0.14 (released 12 May 2011)</a>
+</li>
+<li>
<a href="#Fixed_in_Apache_Tomcat_7.0.12_(released_6_Apr_2011)">Fixed in Apache
Tomcat 7.0.12 (released 6 Apr 2011)</a>
</li>
<li>
@@ -290,6 +293,53 @@
<tr>
<td bgcolor="#525D76">
<font color="#ffffff" face="arial,helvetica,sanserif">
+<a name="Fixed in Apache Tomcat 7.0.14 (released 12 May 2011)">
+<!--()-->
+</a>
+<a name="Fixed_in_Apache_Tomcat_7.0.14_(released_12_May_2011)">
+<strong>Fixed in Apache Tomcat 7.0.14 (released 12 May 2011)</strong>
+</a>
+</font>
+</td>
+</tr>
+<tr>
+<td>
+<p>
+<blockquote>
+
+ <p>
+<strong>Important: Security constraint bypass</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1582";>
+ CVE-2011-1582</a>
+</p>
+
+ <p>An error in the fixes for CVE-2011-1088/CVE-2011-1183 meant that
security
+ constraints configured via annotations were ignored on the first request
+ to a Servlet. Subsequent requests were secured correctly.</p>
+
+ <p>This was fixed in
+ <a href="http://svn.apache.org/viewvc?rev=1100832&view=rev";>
+ revision 1100832</a>.</p>
+
+ <p>This was identified by the Tomcat security team on 13 April 2011 and
+ made public on 17 May 2011.</p>
+
+ <p>Affects: 7.0.12-7.0.13</p>
+
+ </blockquote>
+</p>
+</td>
+</tr>
+<tr>
+<td>
+<br/>
+</td>
+</tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<tr>
+<td bgcolor="#525D76">
+<font color="#ffffff" face="arial,helvetica,sanserif">
<a name="Fixed in Apache Tomcat 7.0.12 (released 6 Apr 2011)">
<!--()-->
</a>
Modified: tomcat/site/trunk/xdocs/security-7.xml
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-7.xml?rev=1104200&r1=1104199&r2=1104200&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-7.xml (original)
+++ tomcat/site/trunk/xdocs/security-7.xml Tue May 17 12:41:32 2011
@@ -25,6 +25,27 @@
<a href="mailto:[email protected]";>Tomcat Security
Team</a>.</p>
</section>
+ <section name="Fixed in Apache Tomcat 7.0.14 (released 12 May 2011)">
+
+ <p><strong>Important: Security constraint bypass</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1582";>
+ CVE-2011-1582</a></p>
+
+ <p>An error in the fixes for CVE-2011-1088/CVE-2011-1183 meant that
security
+ constraints configured via annotations were ignored on the first request
+ to a Servlet. Subsequent requests were secured correctly.</p>
+
+ <p>This was fixed in
+ <a href="http://svn.apache.org/viewvc?rev=1100832&view=rev";>
+ revision 1100832</a>.</p>
+
+ <p>This was identified by the Tomcat security team on 13 April 2011 and
+ made public on 17 May 2011.</p>
+
+ <p>Affects: 7.0.12-7.0.13</p>
+
+ </section>
+
<section name="Fixed in Apache Tomcat 7.0.12 (released 6 Apr 2011)">
<p><strong>Important: Information disclosure</strong>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
