Re: AW: Question concerning mod_jk Security Fix CVE-2014-8111

2015-08-11 Thread Mark Thomas
-Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: Sunday, July 26, 2015 10:16 PM To: Tomcat Users List users@tomcat.apache.org Subject: Re: AW: Question concerning mod_jk Security Fix CVE-2014-8111 On 20/07/2015 10:58, Kreuser, Peter wrote: snip/ Hi Mark, I

Re: AW: Question concerning mod_jk Security Fix CVE-2014-8111

2015-08-11 Thread Christopher Schultz
: Question concerning mod_jk Security Fix CVE-2014-8111 On 20/07/2015 10:58, Kreuser, Peter wrote: snip/ Hi Mark, I appreciate your open comment and that clarifies the lengthy wait. I trust that now the solution gets going and will be solved soonish. I'm in no position to criticize any

Re: AW: Question concerning mod_jk Security Fix CVE-2014-8111

2015-08-08 Thread Christopher Schultz
votes to release. http://tomcat.markmail.org/thread/evury5r6rwcls5df - -chris -Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: Sunday, July 26, 2015 10:16 PM To: Tomcat Users List users@tomcat.apache.org Subject: Re: AW: Question concerning mod_jk Security Fix CVE

Re: AW: Question concerning mod_jk Security Fix CVE-2014-8111

2015-08-08 Thread Chinoy Gupta
[mailto:ma...@apache.org] Sent: Sunday, July 26, 2015 10:16 PM To: Tomcat Users List users@tomcat.apache.org Subject: Re: AW: Question concerning mod_jk Security Fix CVE-2014-8111 On 20/07/2015 10:58, Kreuser, Peter wrote: snip/ Hi Mark, I appreciate your open comment and that clarifies

Re: AW: Question concerning mod_jk Security Fix CVE-2014-8111

2015-08-08 Thread Felix Schumacher
...@apache.org] Sent: Sunday, July 26, 2015 10:16 PM To: Tomcat Users List users@tomcat.apache.org Subject: Re: AW: Question concerning mod_jk Security Fix CVE-2014-8111 On 20/07/2015 10:58, Kreuser, Peter wrote: snip/ Hi Mark, I appreciate your open comment and that clarifies the lengthy wait. I

RE: AW: Question concerning mod_jk Security Fix CVE-2014-8111

2015-08-05 Thread Chinoy Gupta
Hi, When can we expect the release of JK 1.2.41 source code? Regards, Chinoy -Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: Sunday, July 26, 2015 10:16 PM To: Tomcat Users List users@tomcat.apache.org Subject: Re: AW: Question concerning mod_jk Security Fix CVE

Re: AW: Question concerning mod_jk Security Fix CVE-2014-8111

2015-07-26 Thread Mark Thomas
On 20/07/2015 10:58, Kreuser, Peter wrote: snip/ Hi Mark, I appreciate your open comment and that clarifies the lengthy wait. I trust that now the solution gets going and will be solved soonish. I'm in no position to criticize any wrongdoing on this CVE. I only hope to find a clearer

AW: Question concerning mod_jk Security Fix CVE-2014-8111

2015-07-20 Thread Kreuser, Peter
-Urspr√ľngliche Nachricht- Von: Mark Thomas [mailto:ma...@apache.org] Gesendet: Freitag, 17. Juli 2015 12:33 An: Tomcat Users List Betreff: Re: Question concerning mod_jk Security Fix CVE-2014-8111 On 16/07/2015 13:16, Kreuser, Peter wrote: Please let me repeat my question from

Re: Question concerning mod_jk Security Fix CVE-2014-8111

2015-07-17 Thread Mark Thomas
On 16/07/2015 13:16, Kreuser, Peter wrote: Please let me repeat my question from June 6th: Why is this CVE still not addressed in Apache Tomcat JK Connectors vulnerabilities http://tomcat.apache.org/security-jk.html? http://www.cvedetails.com/cve/CVE-2014-8111/ I'm a project committer

Question concerning mod_jk Security Fix CVE-2014-8111

2015-07-16 Thread Kreuser, Peter
Please let me repeat my question from June 6th: Why is this CVE still not addressed in Apache Tomcat JK Connectors vulnerabilities http://tomcat.apache.org/security-jk.html? http://www.cvedetails.com/cve/CVE-2014-8111/ - Hi, could you please tell us, when the

Re: Question concerning mod_jk Security Fix CVE-2014-8111

2015-06-08 Thread Pascal Wittmann
Hi Peter, I've asked the same question on 31.05 but got no reply so far. Thanks for the RedHat link. Regards, Pascal On 06/08/2015 01:43 PM, Kreuser, Peter wrote: Hi, could you please tell us, when the fixed mod_jk-Version 1.2.41 will be publicly available? The webpage does not

Question concerning mod_jk Security Fix CVE-2014-8111

2015-06-08 Thread Kreuser, Peter
Hi, could you please tell us, when the fixed mod_jk-Version 1.2.41 will be publicly available? The webpage does not mention any vulnerability at all, plus no newer release than the vulnerable 1.2.40. For now RedHat mentions only the fix to the source code from December 2014.