tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jean-Frederic <jfcl...@gmail.com>
Subject [ANN] Apache Tomcat JK 1.2.21 Web Server Connector released
Date Fri, 02 Mar 2007 16:02:12 GMT
The Apache Tomcat team is pleased to announce the immediate availability
of version 1.2.21 of the Apache Tomcat Connectors.

It contains connectors, which allow a web server such as Apache HTTPD,
Microsoft IIS and Sun Web Server to act as a front end to the Tomcat web
application server.

This version of mod_jk is principally a bug and security fix release. 
The following potential security flaw is addressed:

CVE-2007-0774:
Fix a buffer overflow in map_uri_to_worker().
URL longer that 4095 were crashing mod_jk. This could have allow
different kind of attacks. Reported by ZDI.
Please note this issue only
affected versions 1.2.19 and 1.2.20 of the Apache Tomcat JK Web Server
Connector and not previous versions.  Tomcat 5.5.20 and Tomcat 4.1.34
included a vulnerable version in their source packages.
Other versions of Tomcat were not affected.

See http://tomcat.apache.org/connectors-doc/miscellaneous/changelog.html
for a complete list of changes.

Source distribtions can be downloaded from an
Apache Software Foundation mirror at:

http://tomcat.apache.org/download-connectors.cgi

Binary distributions for a number of different operating systems and
web servers can be downloaded from an
Apache Software Foundation mirror at:

http://tomcat.apache.org/download-connectors.cgi

Documentation for using JK with Tomcat 3.3, 4.1, 5.0 and 5.5
can be found at:

http://tomcat.apache.org/connectors-doc/

Thank you,

-- The Apache Tomcat Team



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message