Re: [VOTE] [4.0.5] [4.1.12] Security releases
On September 23, 2002 10:04 am, Remy Maucherat wrote: A security vulnerability which affects all releases of Tomcat 4.x has been discovered. It is proposed that new Tomcat 4.0.x and 4.1.x releases are made, at which time the exploit will be publicized. The security advisory will also include an easy workaround to protect existing Tomcat installations, so upgrading is not a necessity. Tomcat 4.0.5 release Tomcat 4.0.5 is virtually indentical to 4.0.4, with the exception of: - a bugfix to URL parsing - the security fix ballot +1 [X ] Yes, I approve this release -1 [ ] No, because: /ballot Tomcat 4.1.12 Stable release Tomcat 4.1.12 includes all the changes made to Tomcat 4.1.10 since its release. Tomcat 4.1.11, on which the release is based, has recieved positive feedback so far. The list of changes is available in the release notes. It is proposed that it recieves a Stable rating. The existing 4.1.10 release will be retired. ballot +1 [X ] Yes, I approve this release -1 [ ] No, because: /ballot The proposed binaries for 4.0.5 and 4.1.12 are available at: http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.5/ http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.1.12/ 4.0.5 was packaged on my new computer (which I have been using for all the 4.1.x releases), and may contain unwanted changes over 4.0.4. Please let me know if there are problems. Remy -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
[VOTE] [4.0.5] [4.1.12] Security releases
A security vulnerability which affects all releases of Tomcat 4.x has been discovered. It is proposed that new Tomcat 4.0.x and 4.1.x releases are made, at which time the exploit will be publicized. The security advisory will also include an easy workaround to protect existing Tomcat installations, so upgrading is not a necessity. Tomcat 4.0.5 release Tomcat 4.0.5 is virtually indentical to 4.0.4, with the exception of: - a bugfix to URL parsing - the security fix ballot +1 [ ] Yes, I approve this release -1 [ ] No, because: /ballot Tomcat 4.1.12 Stable release Tomcat 4.1.12 includes all the changes made to Tomcat 4.1.10 since its release. Tomcat 4.1.11, on which the release is based, has recieved positive feedback so far. The list of changes is available in the release notes. It is proposed that it recieves a Stable rating. The existing 4.1.10 release will be retired. ballot +1 [ ] Yes, I approve this release -1 [ ] No, because: /ballot The proposed binaries for 4.0.5 and 4.1.12 are available at: http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.5/ http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.1.12/ 4.0.5 was packaged on my new computer (which I have been using for all the 4.1.x releases), and may contain unwanted changes over 4.0.4. Please let me know if there are problems. Remy -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: [VOTE] [4.0.5] [4.1.12] Security releases
Tomcat 4.0.5 is virtually indentical to 4.0.4, with the exception of: - a bugfix to URL parsing - the security fix ballot +1 [+1] Yes, I approve this release -1 [ ] No, because: /ballot Which JTC should be used ? Tomcat 4.1.12 Stable release Tomcat 4.1.12 includes all the changes made to Tomcat 4.1.10 since its release. Tomcat 4.1.11, on which the release is based, has recieved positive feedback so far. The list of changes is available in the release notes. It is proposed that it recieves a Stable rating. The existing 4.1.10 release will be retired. ballot +1 [+1] Yes, I approve this release -1 [ ] No, because: /ballot The proposed binaries for 4.0.5 and 4.1.12 are available at: http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.5/ http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.1.12/ 4.0.5 was packaged on my new computer (which I have been using for all the 4.1.x releases), and may contain unwanted changes over 4.0.4. Please let me know if there are problems. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: [VOTE] [4.0.5] [4.1.12] Security releases
Remy Maucherat wrote: A security vulnerability which affects all releases of Tomcat 4.x has been discovered. It is proposed that new Tomcat 4.0.x and 4.1.x releases are made, at which time the exploit will be publicized. The security advisory will also include an easy workaround to protect existing Tomcat installations, so upgrading is not a necessity. Tomcat 4.0.5 release Tomcat 4.0.5 is virtually indentical to 4.0.4, with the exception of: - a bugfix to URL parsing - the security fix ballot +1 [X] Yes, I approve this release -1 [ ] No, because: /ballot Tomcat 4.1.12 Stable release Tomcat 4.1.12 includes all the changes made to Tomcat 4.1.10 since its release. Tomcat 4.1.11, on which the release is based, has recieved positive feedback so far. The list of changes is available in the release notes. It is proposed that it recieves a Stable rating. The existing 4.1.10 release will be retired. ballot +1 [X] Yes, I approve this release -1 [ ] No, because: /ballot The proposed binaries for 4.0.5 and 4.1.12 are available at: http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.5/ http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.1.12/ 4.0.5 was packaged on my new computer (which I have been using for all the 4.1.x releases), and may contain unwanted changes over 4.0.4. Please let me know if there are problems. Remy -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: [VOTE] [4.0.5] [4.1.12] Security releases
Remy Maucherat wrote: A security vulnerability which affects all releases of Tomcat 4.x has been discovered. It is proposed that new Tomcat 4.0.x and 4.1.x releases are made, at which time the exploit will be publicized. The security advisory will also include an easy workaround to protect existing Tomcat installations, so upgrading is not a necessity. Tomcat 4.0.5 release Tomcat 4.0.5 is virtually indentical to 4.0.4, with the exception of: - a bugfix to URL parsing - the security fix ballot +1 [X ] Yes, I approve this release -1 [ ] No, because: /ballot Tomcat 4.1.12 Stable release Tomcat 4.1.12 includes all the changes made to Tomcat 4.1.10 since its release. Tomcat 4.1.11, on which the release is based, has recieved positive feedback so far. The list of changes is available in the release notes. It is proposed that it recieves a Stable rating. The existing 4.1.10 release will be retired. ballot +1 [X ] Yes, I approve this release -1 [ ] No, because: /ballot The proposed binaries for 4.0.5 and 4.1.12 are available at: http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.5/ http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.1.12/ 4.0.5 was packaged on my new computer (which I have been using for all the 4.1.x releases), and may contain unwanted changes over 4.0.4. Please let me know if there are problems. Remy -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: [VOTE] [4.0.5] [4.1.12] Security releases
Henri Gomez wrote: Tomcat 4.0.5 is virtually indentical to 4.0.4, with the exception of: - a bugfix to URL parsing - the security fix ballot +1 [+1] Yes, I approve this release -1 [ ] No, because: /ballot Which JTC should be used ? I bundled the latest JTC binaries for Coyote HTTP/1.1, and for AJP 1.3 (although it has been fairly stable lately, and shouldn't introduce many changes over 4.0.4). JK 2 is not included. Remy -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: [VOTE] [4.0.5] [4.1.12] Security releases
Remy, Here's my votes. Patrick Tomcat 4.0.5 release ballot +1 [X] Yes, I approve this release -1 [ ] No, because: /ballot Tomcat 4.1.12 Stable release ballot +1 [X] Yes, I approve this release -1 [ ] No, because: /ballot -- Patrick Luby Email: [EMAIL PROTECTED] Sun Microsystems Phone: 408-276-7471 901 San Antonio Road, USCA14-303 Palo Alto, CA 94303-4900 -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: [VOTE] [4.0.5] [4.1.12] Security releases
Remy Maucherat wrote: Henri Gomez wrote: Tomcat 4.0.5 is virtually indentical to 4.0.4, with the exception of: - a bugfix to URL parsing - the security fix ballot +1 [+1] Yes, I approve this release -1 [ ] No, because: /ballot Which JTC should be used ? I bundled the latest JTC binaries for Coyote HTTP/1.1, and for AJP 1.3 (although it has been fairly stable lately, and shouldn't introduce many changes over 4.0.4). Ok, but you should also include the JTC source tarball isn't it ? -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: [VOTE] [4.0.5] [4.1.12] Security releases
Tomcat 4.0.5 release Tomcat 4.0.5 is virtually indentical to 4.0.4, with the exception of: - a bugfix to URL parsing - the security fix ballot +1 [X] Yes, I approve this release -1 [ ] No, because: /ballot Tomcat 4.1.12 Stable release Tomcat 4.1.12 includes all the changes made to Tomcat 4.1.10 since its release. Tomcat 4.1.11, on which the release is based, has recieved positive feedback so far. The list of changes is available in the release notes. It is proposed that it recieves a Stable rating. The existing 4.1.10 release will be retired. ballot +1 [X] Yes, I approve this release -1 [ ] No, because: /ballot Amy -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: [VOTE] [4.0.5] [4.1.12] Security releases
Remy Maucherat wrote: A security vulnerability which affects all releases of Tomcat 4.x has been discovered. It is proposed that new Tomcat 4.0.x and 4.1.x releases are made, at which time the exploit will be publicized. The security advisory will also include an easy workaround to protect existing Tomcat installations, so upgrading is not a necessity. Tomcat 4.0.5 release Tomcat 4.0.5 is virtually indentical to 4.0.4, with the exception of: - a bugfix to URL parsing - the security fix ballot +1 [X] Yes, I approve this release -1 [ ] No, because: /ballot Tomcat 4.1.12 Stable release Tomcat 4.1.12 includes all the changes made to Tomcat 4.1.10 since its release. Tomcat 4.1.11, on which the release is based, has recieved positive feedback so far. The list of changes is available in the release notes. It is proposed that it recieves a Stable rating. The existing 4.1.10 release will be retired. ballot +1 [X] Yes, I approve this release -1 [ ] No, because: /ballot The proposed binaries for 4.0.5 and 4.1.12 are available at: http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.5/ http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.1.12/ 4.0.5 was packaged on my new computer (which I have been using for all the 4.1.x releases), and may contain unwanted changes over 4.0.4. Please let me know if there are problems. Remy -- Costin -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: [VOTE] [4.0.5] [4.1.12] Security releases
- Original Message - From: Remy Maucherat [EMAIL PROTECTED] To: Tomcat Developers List [EMAIL PROTECTED] Sent: Monday, September 23, 2002 7:04 AM Subject: [VOTE] [4.0.5] [4.1.12] Security releases A security vulnerability which affects all releases of Tomcat 4.x has been discovered. It is proposed that new Tomcat 4.0.x and 4.1.x releases are made, at which time the exploit will be publicized. The security advisory will also include an easy workaround to protect existing Tomcat installations, so upgrading is not a necessity. Tomcat 4.0.5 release Tomcat 4.0.5 is virtually indentical to 4.0.4, with the exception of: - a bugfix to URL parsing - the security fix ballot +1 [X] Yes, I approve this release -1 [ ] No, because: /ballot Tomcat 4.1.12 Stable release Tomcat 4.1.12 includes all the changes made to Tomcat 4.1.10 since its release. Tomcat 4.1.11, on which the release is based, has recieved positive feedback so far. The list of changes is available in the release notes. It is proposed that it recieves a Stable rating. The existing 4.1.10 release will be retired. ballot +1 [X] Yes, I approve this release -1 [ ] No, because: /ballot The proposed binaries for 4.0.5 and 4.1.12 are available at: http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.5/ http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.1.12/ 4.0.5 was packaged on my new computer (which I have been using for all the 4.1.x releases), and may contain unwanted changes over 4.0.4. Please let me know if there are problems. Remy -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: [VOTE] [4.0.5] [4.1.12] Security releases
-Original Message- From: Remy Maucherat [mailto:[EMAIL PROTECTED]] Sent: Monday, September 23, 2002 10:05 AM To: Tomcat Developers List Subject: [VOTE] [4.0.5] [4.1.12] Security releases A security vulnerability which affects all releases of Tomcat 4.x has been discovered. It is proposed that new Tomcat 4.0.x and 4.1.x releases are made, at which time the exploit will be publicized. The security advisory will also include an easy workaround to protect existing Tomcat installations, so upgrading is not a necessity. Tomcat 4.0.5 release Tomcat 4.0.5 is virtually indentical to 4.0.4, with the exception of: - a bugfix to URL parsing - the security fix ballot +1 [X] Yes, I approve this release -1 [ ] No, because: /ballot Tomcat 4.1.12 Stable release Tomcat 4.1.12 includes all the changes made to Tomcat 4.1.10 since its release. Tomcat 4.1.11, on which the release is based, has recieved positive feedback so far. The list of changes is available in the release notes. It is proposed that it recieves a Stable rating. The existing 4.1.10 release will be retired. ballot +1 [X] Yes, I approve this release -1 [ ] No, because: /ballot The proposed binaries for 4.0.5 and 4.1.12 are available at: http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.5/ http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.1.12/ 4.0.5 was packaged on my new computer (which I have been using for all the 4.1.x releases), and may contain unwanted changes over 4.0.4. Please let me know if there are problems. Remy -- To unsubscribe, e-mail: mailto:tomcat-dev- [EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: [VOTE] [4.0.5] [4.1.12] Security releases
On Mon, 23 Sep 2002, Remy Maucherat wrote: Tomcat 4.0.5 release Tomcat 4.0.5 is virtually indentical to 4.0.4, with the exception of: - a bugfix to URL parsing - the security fix ballot +1 [X] Yes, I approve this release -1 [ ] No, because: /ballot Tomcat 4.1.12 Stable release Tomcat 4.1.12 includes all the changes made to Tomcat 4.1.10 since its release. Tomcat 4.1.11, on which the release is based, has recieved positive feedback so far. The list of changes is available in the release notes. It is proposed that it recieves a Stable rating. The existing 4.1.10 release will be retired. ballot +1 [X] Yes, I approve this release -1 [ ] No, because: /ballot -- Denis Benoit [EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]