tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "NAIK,ROSHAN (HP-Cupertino,ex1)" <roshan.n...@hp.com>
Subject RE: [ANN] Apache Tomcat 4.1.27 Stable released
Date Thu, 07 Aug 2003 17:42:13 GMT
Hi Remy,
Are these security bugs existing in all versions of Tomcat 4
prior to 4.1.27 ? Or was there a version of Tomcat where these 
were introduced ? I couldnt find the reference to these security
issues on the tomcat web site section mentioning the 4.1.27 release. 
This information will be very much useful since we may need to
redeploy our free HPUX Tomcat distribution to customers.

Thanks,
--Roshan

> -----Original Message-----
> From: Remy Maucherat [mailto:remm@apache.org]
> Sent: Thursday, July 31, 2003 10:59 PM
> To: announcements@jakarta.apache.org; Tomcat Developers List;
> tomcat-user@jakarta.apache.org
> Subject: [ANN] Apache Tomcat 4.1.27 Stable released
> 
> 
> The Tomcat Team announces the immediate availability of Apache Tomcat 
> 4.1.27 Stable. Among other bugfixes and improvements, Tomcat 4.1.27 
> includes security fixes for:
> 
> - Improper recycling of SSL client certificates with Coyote JK 2
> - Improper handling of invalid content lengths in requests, 
> causing HTTP 
> processors to be left in an invalid state in Coyote HTTP/1.1, 
> causing a 
> DoS condition
> - URI normalization bug in Coyote
> - Improper handling of certain URLs in Coyote JK 2, causing a 
> DoS condition
> 
> Downloads: http://jakarta.apache.org/site/binindex.cgi
> 
> Remy
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org
> 

Mime
View raw message