RE: [ANNOUNCEMENT]: JK 1.2.0 is now available
Where is Solaris 8, Apache 1.3? Mitchell Evan Marx[EMAIL PROTECTED] ATT IP Network Configuration Provisioning Development -Original Message- From: Henri Gomez [mailto:[EMAIL PROTECTED]] Sent: Friday, September 27, 2002 11:03 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: [ANNOUNCEMENT]: JK 1.2.0 is now available Hi all, The Jakarta-Tomcat-Connector team is pleased to announce the availability of JK 1.2.0. JK, also known as mod_jk, is a Tomcat / WebServers plug-in that handles the communication between Tomcat and webservers. Currently Apache 1.3.x and 2.0.x, IIS, Netscape/iPlanet are supported. binaries and source versions of the release are available and can be downloaded from : http://jakarta.apache.org/builds/jakarta-tomcat-connectors/jk/release/v1 .2.0/ Binaries allready available are : - Linux i386 (Apache 1.3/2.0.42) - Solaris 8 (Apache 1.3/2.0.39/2.0.42) - Win32 (IIS/Apache 1.3/2.0.42) MacOS X, AIX, iSeries binaries to be released shortly (I hope) Feel free to contact us to provide binaries for your own operating system. Enjoy! -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: [SECURITY] Apache Tomcat 4.x JSP source disclosure vulnerability
Evil question: does this vulnerability exist in Tomcat 3.2.3? Mitchell Evan Marx[EMAIL PROTECTED] ATT IP Network Configuration Provisioning Development -Original Message- From: Remy Maucherat [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 24, 2002 7:59 AM To: Tomcat Developers List; Tomcat Users List; announcements Subject: [SECURITY] Apache Tomcat 4.x JSP source disclosure vulnerability A security vulnerability has been confirmed to exist in all Apache Tomcat 4.x releases (including Tomcat 4.0.4 and Tomcat 4.1.10), which allows to use a specially crafted URL to return the unprocessed source of a JSP page, or, under special circumstances, a static resource which would otherwise have been protected by security constraint, without the need for being properly authenticated. The cause - Using the invoker servlet in conjunction with the default servlet (responsible for handling static content in Tomcat) triggers this vulnerability. This particular configuration is available in the default Tomcat configuration. Workarounds --- An easy workaround exists for existing Tomcat installations, by disabling the invoker servlet in the default webapp configuration. In the $CATALINA_HOME/conf/web.xml file (on Windows, %CATALINA_HOME%\conf\web.xml), comment out or remove the following XML fragment: servlet-mapping servlet-nameinvoker/servlet-name url-pattern/servlet/*/url-pattern /servlet-mapping Releases The Apache Tomcat Team announces the immediate availability of new releases which include a fix to the invoker servlet. Apache Tomcat 4.1.12 Stable: http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.1.12/ Apache Tomcat 4.0.5: http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.5/ Remy -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
OFF TOPIC: RE: [5.0] [VOTE] New branches and repositories
As a lay person trying to learn, can I ask a question about the benefits of repository vs branch? Since I haven't really used CVS, I don't know the +/-, but would have proposed: A) Servlet 2.4 JSP 2.0 API Use new jakarta-servletapi-5.0 B) Catalina 2.0 Use new jakarta-tomcat-catalina-2.0 C) Coyote 2.0 use new jakarta-tomcat-connectors-2.0 D) Tomcat 5.0 Use new jakarta-tomcat-5.0 E) Jasper 2.0 use new jakarta-tomcat-jasper-2.0 Which would seem more consistent, for someone just trying to dip in for the first time. Mitchell Evan Marx[EMAIL PROTECTED] ATT IP Network Configuration Provisioning Development -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 11, 2002 9:37 AM To: Tomcat Developers List Subject: Re: [5.0] [VOTE] New branches and repositories On Thu, 11 Jul 2002, Remy Maucherat wrote: ballot A) Servlet 2.4 JSP 2.0 API 1. [X] Use new jakarta-servletapi-5 2. [ ] Use the HEAD of jakarta-servletapi 3. [ ] Other: B) Catalina 2.0 1. [X] Use new jakarta-tomcat-catalina 2. [ ] Use new jakarta-tomcat-5.0 3. [ ] Use the HEAD of jakarta-tomcat-4.0 4. [ ] Other: C) Coyote 2.0 1. [X] Yes, use the HEAD of jakarta-tomcat-connectors 2. [ ] No, use: D) Tomcat 5.0 1. [X] Use new jakarta-tomcat-5.0 2. [ ] Use the HEAD of jakarta-tomcat-4.0 3. [ ] Use the HEAD of jakarta-tomcat 4. [ ] Other: That's a hard one... I would like it to go in jakarta-tomcat, but the current CVS organization is a mess and would create more problems. I'm actually more on jakarta-tomcat-5 ( without the .0 - since 5.1 will be in this CVS too ) E) Jasper 2.0 1. [X] Yes, use the HEAD of jakarta-tomcat-jasper 2. [ ] No, use: /ballot -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]