tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Barker" <wbar...@wilshire.com>
Subject Re: Jakarta Tomcat 4.1 XSS vulnerability
Date Mon, 29 Sep 2003 20:21:26 GMT
----- Original Message -----
From: "David Rees" <dbr@greenhydrant.com>
To: "Tomcat Developers List" <tomcat-dev@jakarta.apache.org>
Sent: Monday, September 29, 2003 12:33 PM
Subject: Re: Jakarta Tomcat 4.1 XSS vulnerability


> On Mon, September 29, 2003 1at 2:32 pm, Bill Barker sent the following
> > Remy has already patched the HTTP Connector for this one (both Tomcat
> > 4&5). I believe that the patch still needs to be ported to the JK2
> > Connector.
>
> Thanks for the update, Bill.  Hope to see Tomcat 4.1.28 out soon, look
> like we could be seeing it as soon as next week.
>

Ok, that's what I get for working from memory.  Actually, Remy's patch is
currently only in TC 5.  It still needs to be applied to TC 4 (as well as
the JK2 Connector for both versions).

> Thanks,
> Dave
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org
>


Mime
View raw message