Return-Path: Delivered-To: apmail-jakarta-tomcat-dev-archive@apache.org Received: (qmail 39938 invoked from network); 23 Sep 2002 18:22:49 -0000 Received: from unknown (HELO nagoya.betaversion.org) (192.18.49.131) by daedalus.apache.org with SMTP; 23 Sep 2002 18:22:49 -0000 Received: (qmail 20634 invoked by uid 97); 23 Sep 2002 18:23:23 -0000 Delivered-To: qmlist-jakarta-archive-tomcat-dev@jakarta.apache.org Received: (qmail 20618 invoked by uid 97); 23 Sep 2002 18:23:22 -0000 Mailing-List: contact tomcat-dev-help@jakarta.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Subscribe: List-Help: List-Post: List-Id: "Tomcat Developers List" Reply-To: "Tomcat Developers List" Delivered-To: mailing list tomcat-dev@jakarta.apache.org Received: (qmail 20585 invoked by uid 98); 23 Sep 2002 18:23:22 -0000 X-Antivirus: nagoya (v4218 created Aug 14 2002) Message-ID: <013c01c2632e$5d1b9790$ec66a8c0@bbarkerxp> From: "Bill Barker" To: "Tomcat Developers List" References: <3D8F1F8B.5030306@apache.org> Subject: Re: [VOTE] [4.0.5] [4.1.12] Security releases Date: Mon, 23 Sep 2002 11:23:49 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-Archived: msg.XXOPxiKa@sneezy X-Scanned-By: MIMEDefang 2.11 (www dot roaringpenguin dot com slash mimedefang) X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N ----- Original Message ----- From: "Remy Maucherat" To: "Tomcat Developers List" Sent: Monday, September 23, 2002 7:04 AM Subject: [VOTE] [4.0.5] [4.1.12] Security releases > A security vulnerability which affects all releases of Tomcat 4.x has > been discovered. > > It is proposed that new Tomcat 4.0.x and 4.1.x releases are made, at > which time the exploit will be publicized. The security advisory will > also include an easy workaround to protect existing Tomcat > installations, so upgrading is not a necessity. > > Tomcat 4.0.5 release > -------------------- > > Tomcat 4.0.5 is virtually indentical to 4.0.4, with the exception of: > - a bugfix to URL parsing > - the security fix > > > +1 [X] Yes, I approve this release > -1 [ ] No, because: > > > > Tomcat 4.1.12 Stable release > ---------------------------- > > Tomcat 4.1.12 includes all the changes made to Tomcat 4.1.10 since its > release. Tomcat 4.1.11, on which the release is based, has recieved > positive feedback so far. The list of changes is available in the > release notes. > It is proposed that it recieves a Stable rating. The existing 4.1.10 > release will be retired. > > > +1 [X] Yes, I approve this release > -1 [ ] No, because: > > > > The proposed binaries for 4.0.5 and 4.1.12 are available at: > http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.5/ > http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.1.12/ > > 4.0.5 was packaged on my new computer (which I have been using for all > the 4.1.x releases), and may contain unwanted changes over 4.0.4. Please > let me know if there are problems. > > Remy > > > -- > To unsubscribe, e-mail: > For additional commands, e-mail: > -- To unsubscribe, e-mail: For additional commands, e-mail: