Author: markt
Date: Fri Feb 8 00:14:43 2008
New Revision: 619799
URL: http://svn.apache.org/viewvc?rev=619799&view=rev
Log:
Fix CVE-2007-5461, an info disclosure vulnerability.
Modified:
tomcat/container/branches/tc4.1.x/RELEASE-NOTES-4.1.txt
Author: markt
Date: Fri Feb 8 00:17:09 2008
New Revision: 619801
URL: http://svn.apache.org/viewvc?rev=619801&view=rev
Log:
Fix for CVE-2007-5461 has been applied to TC4.
Modified:
tomcat/site/trunk/docs/security-4.html
tomcat/site/trunk/xdocs/security-4.xml
Modified:
[EMAIL PROTECTED] wrote:
Author: jim
Date: Thu Feb 7 07:39:21 2008
New Revision: 619460
URL: http://svn.apache.org/viewvc?rev=619460&view=rev
Log:
Cast some votes... mulling over:
http://people.apache.org/~markt/patches/2008-01-17-tc4-lib-updates.patch
Any queries, let me know. I am
Thanks for the votes.
I am working my way through the patches but it is taking longer than
planned since I am currently on my third room in this hotel trying to get a
broadband connection that works. I'm back home tonight with (hopefully)
reliable connectivity and will finish off the
Author: jfclere
Date: Fri Feb 8 02:58:17 2008
New Revision: 619831
URL: http://svn.apache.org/viewvc?rev=619831&view=rev
Log:
Add the building part.
Modified:
tomcat/connectors/trunk/jni/xdocs/index.xml
Modified: tomcat/connectors/trunk/jni/xdocs/index.xml
URL:
Author: jfclere
Date: Fri Feb 8 03:43:59 2008
New Revision: 619842
URL: http://svn.apache.org/viewvc?rev=619842&view=rev
Log:
Arrange the data of the copyright.
Modified:
tomcat/connectors/trunk/jni/xdocs/style.xsl
Modified: tomcat/connectors/trunk/jni/xdocs/style.xsl
URL:
Author: jfclere
Date: Fri Feb 8 03:42:40 2008
New Revision: 619841
URL: http://svn.apache.org/viewvc?rev=619841&view=rev
Log:
Add installing and testing for UNIXES.
Modified:
tomcat/connectors/trunk/jni/xdocs/index.xml
Modified: tomcat/connectors/trunk/jni/xdocs/index.xml
URL:
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 6.0.16 stable. This release includes many bugfixes over Apache
Tomcat 6.0.14.
Apache Tomcat 6.0 includes new features over Apache Tomcat 5.5,
including support for the new Servlet 2.5 and JSP 2.1 specifications, a
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://issues.apache.org/bugzilla/show_bug.cgi?id=43925.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
Author: jfclere
Date: Fri Feb 8 06:10:07 2008
New Revision: 619893
URL: http://svn.apache.org/viewvc?rev=619893&view=rev
Log:
Add the windows part install and tests.
Modified:
tomcat/connectors/trunk/jni/xdocs/index.xml
Modified: tomcat/connectors/trunk/jni/xdocs/index.xml
URL:
On Feb 8, 2008, at 3:26 AM, Mark Thomas wrote:
[EMAIL PROTECTED] wrote:
Author: jim
Date: Thu Feb 7 07:39:21 2008
New Revision: 619460
URL: http://svn.apache.org/viewvc?rev=619460&view=rev
Log:
Cast some votes... mulling over:
Author: markt
Date: Fri Feb 8 12:06:56 2008
New Revision: 619987
URL: http://svn.apache.org/viewvc?rev=619987&view=rev
Log:
Update after recent releases
Modified:
tomcat/site/trunk/docs/security-5.html
tomcat/site/trunk/docs/security-6.html
tomcat/site/trunk/xdocs/security-5.xml
Author: jim
Date: Fri Feb 8 09:35:05 2008
New Revision: 619951
URL: http://svn.apache.org/viewvc?rev=619951&view=rev
Log:
Cast vote
Modified:
tomcat/current/tc4.1.x/STATUS.txt
Modified: tomcat/current/tc4.1.x/STATUS.txt
URL:
Author: fhanik
Date: Fri Feb 8 08:27:03 2008
New Revision: 619930
URL: http://svn.apache.org/viewvc?rev=619930&view=rev
Log:
recast vote
Modified:
tomcat/current/tc4.1.x/STATUS.txt
Modified: tomcat/current/tc4.1.x/STATUS.txt
URL:
Author: markt
Date: Fri Feb 8 14:21:58 2008
New Revision: 620013
URL: http://svn.apache.org/viewvc?rev=620013&view=rev
Log:
Publish details of CVE-2008-0002
Modified:
tomcat/site/trunk/docs/security-6.html
tomcat/site/trunk/xdocs/security-6.xml
Modified:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
CVE-2008-0002: Tomcat information disclosure vulnerability
Severity: important
Vendor:
The Apache Software Foundation
Versions Affected:
Tomcat 6.0.5 to 6.0.15
Description:
If an exception occurs during the processing of parameters (eg if the
Author: jim
Date: Fri Feb 8 09:38:57 2008
New Revision: 619953
URL: http://svn.apache.org/viewvc?rev=619953&view=rev
Log:
* Update to latest library versions (where possible). Tidy up build flags since
we require JDK 1.3+ to build. Update location of downloads for commons
libraries. Remove
Author: jim
Date: Fri Feb 8 09:40:01 2008
New Revision: 619955
URL: http://svn.apache.org/viewvc?rev=619955&view=rev
Log:
Applied
Modified:
tomcat/current/tc4.1.x/STATUS.txt
Modified: tomcat/current/tc4.1.x/STATUS.txt
URL:
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://issues.apache.org/bugzilla/show_bug.cgi?id=44380.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
Author: markt
Date: Fri Feb 8 15:15:48 2008
New Revision: 620028
URL: http://svn.apache.org/viewvc?rev=620028&view=rev
Log:
Fix cookie handling for quotes and %5C - CVE-2007-5333.
Modified:
tomcat/connectors/trunk/coyote/src/java/org/apache/coyote/tomcat4/CoyoteAdapter.java
Author: jim
Date: Fri Feb 8 09:39:21 2008
New Revision: 619954
URL: http://svn.apache.org/viewvc?rev=619954&view=rev
Log:
* Update to latest library versions (where possible). Tidy up build flags since
we require JDK 1.3+ to build. Update location of downloads for commons
libraries. Remove
I would like to add HTTPOnly support to the tomcat session handler
I added a bugzilla item
http://issues.apache.org/bugzilla/show_bug.cgi?id=44382
Thoughts would be greatly appreciated
Jim Manico, Senior Application Security Engineer
mailto:[EMAIL PROTECTED] [EMAIL
Author: markt
Date: Fri Feb 8 15:16:41 2008
New Revision: 620030
URL: http://svn.apache.org/viewvc?rev=620030&view=rev
Log:
Publish details of CVE-2007-5333
Modified:
tomcat/site/trunk/docs/security-4.html
tomcat/site/trunk/docs/security-5.html
tomcat/site/trunk/docs/security-6.html
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
CVE-2007-5333: Tomcat Cookie handling vulnerabilities
Severity: low - Session hi-jacking
Vendor:
The Apache Software Foundation
Versions Affected:
Tomcat 4.1.0 to 4.1.36
Tomcat 5.5.0 to 5.5.25
Tomcat 6.0.0 to 6.0.14
Description:
The previous fix
Author: markt
Date: Fri Feb 8 15:22:02 2008
New Revision: 620033
URL: http://svn.apache.org/viewvc?rev=620033&view=rev
Log:
Patch has been applied. Note that in tc4 the cookie parsing code is in
CoyoteAdaptor rather than CoyoteRequest.
Modified:
tomcat/current/tc4.1.x/STATUS.txt
Modified:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
CVE-2007-6286: Tomcat duplicate request processing vulnerability
Severity: Important
Vendor:
The Apache Software Foundation
Versions Affected:
Tomcat 5.5.11 to 5.5.25
Tomcat 6.0.0 to 6.0.15
Description:
When using the native (APR based)
Author: markt
Date: Fri Feb 8 15:34:32 2008
New Revision: 620037
URL: http://svn.apache.org/viewvc?rev=620037&view=rev
Log:
Publish details of CVE-2007-6286
Modified:
tomcat/site/trunk/docs/security-5.html
tomcat/site/trunk/docs/security-6.html
tomcat/site/trunk/xdocs/security-5.xml
Hi developers.
I want to redirect the client browser from the Http11Processor. To do that,
I create a class CustomProcessor extends Http11Processor and override the
process(socket) method.
I did try with methods above with IE or Mozilla but unsuccessfully. Instead
of that, The page cannot be
Hi,
I've just encountered that Cookies seem to be a little bit broken in
6.0.16. If you want to read a cookie which ends on one or more
equals-sign (=), the equals-signs are removed by Tomcat when the
cookie is read.
If you run the following example, you'll see, that the test_cookies
are stored