From: "Bill Barker"
To: "Tomcat Developers List"
Subject: Re: Jakarta Tomcat 4.1 XSS vulnerability
Date: Mon, 29 Sep 2003 13:21:26 -0700

----- Original Message -----
From: "David Rees"
To: "Tomcat Developers List"
Sent: Monday, September 29, 2003 12:33 PM
Subject: Re: Jakarta Tomcat 4.1 XSS vulnerability

> On Mon, September 29, 2003 1at 2:32 pm, Bill Barker sent the following
> > Remy has already patched the HTTP Connector for this one (both Tomcat
> > 4&5). I believe that the patch still needs to be ported to the JK2
> > Connector.
>
> Thanks for the update, Bill. Hope to see Tomcat 4.1.28 out soon, looks
> like we could be seeing it as soon as next week.
>

Ok, that's what I get for working from memory. Actually, Remy's patch is currently only in TC 5. It still needs to be applied to TC 4 (as well as the JK2 Connector for both versions).

> Thanks,
> Dave