Subject: svn commit: r698929 - /tomcat/container/branches/tc4.1.x/RELEASE-NOTES-4.1.txt
Date: Thu, 25 Sep 2008 11:38:11 -0000
To: dev@tomcat.apache.org
From: markt@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20080925113811.7068823889BA@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: markt Date: Thu Sep 25 04:38:10 2008 New Revision: 698929 URL: http://svn.apache.org/viewvc?rev=698929&view=rev Log: Update release notes ready for 4.1.38 Modified: tomcat/container/branches/tc4.1.x/RELEASE-NOTES-4.1.txt Modified: tomcat/container/branches/tc4.1.x/RELEASE-NOTES-4.1.txt URL: http://svn.apache.org/viewvc/tomcat/container/branches/tc4.1.x/RELEASE-NOTES-4.1.txt?rev=698929&r1=698928&r2=698929&view=diff ============================================================================== --- tomcat/container/branches/tc4.1.x/RELEASE-NOTES-4.1.txt (original) +++ tomcat/container/branches/tc4.1.x/RELEASE-NOTES-4.1.txt Thu Sep 25 04:38:10 2008 @@ -1736,6 +1736,10 @@ [4.1.38] #44562 HEAD requests failed with rd.include(). Patch provided by David Jencks. +[4.1.38] Request Dispatcher + Extract the query string befire the URI is normalised. + This is CVE-2008-2370 + ---------------- Coyote Bug Fixes: @@ -2005,10 +2009,15 @@ [4.1.38] CoyoteConnector Add additional checks for URI normalization. + This is CVE-2008-2938 [4.1.38] CoyoteConnector Remove JDK 1.4 dependency. +[4.1.38] CoyoteConnector + Don't used custom status messages in HTTP headers. + This is CVE-2008-1232 + ---------------- Jasper Bug Fixes: ---------------- --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org For additional commands, e-mail: dev-help@tomcat.apache.org
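Review bot: In the first hunk (@@ -1736,6 +1736,10 @@), the new Request Dispatcher entry has a typo: "befire" should be "before". The same line spells it "normalised" while the CoyoteConnector entry in the second hunk uses "normalization", so pick one spelling for the file. The entry also gives only "This is CVE-2008-2370" with no indication of what the fix protects against. Release notes are often read without the advisory to hand, so a short clause on the impact would let a reader judge how urgent the upgrade is.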
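Review bot: In the second hunk (@@ -2005,10 +2009,15 @@), the added CoyoteConnector entry reads "Don't used custom status messages in HTTP headers."; this should be "Do not use custom status messages in HTTP headers." As in the other entries, "This is CVE-2008-2938" and "This is CVE-2008-1232" are bare identifiers. Rewording them as "Fixes CVE-..." would make it clear that the entry is the fix, not the vulnerability. Consider also a security marker on these entries so they can be picked out from the ordinary bug fixes listed alongside them, such as "Remove JDK 1.4 dependency."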