tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: [SECURITY] CVE-2010-4172: Apache Tomcat Manager application XSS vulnerability
Date Tue, 23 Nov 2010 10:07:36 GMT
The processing of applying the digital signature to the original e-mail
made the patches hard to read. E-mail clients that can process digital
signatures should undo this formatting.

For those folks with an e-mail client that can't process OpenGPG signed
e-mail, the patches have been placed on the download mirrors as part of
the 6.0.29 and 7.0.4 distributions. To obtain the patches:

For Tomcat 6
- Open http://tomcat.apache.org/download-60.cgi
- Select 'Browse' from the Quick Navigation section
- Select the patches directory

For Tomcat 7
- Open http://tomcat.apache.org/download-70.cgi
- Select 'Browse' from the Quick Navigation section
- Select the patches directory

The Apache Tomcat Security Team

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message