tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kkoli...@apache.org
Subject svn commit: r1169992 - in /tomcat/site/trunk: docs/security-7.html xdocs/security-7.xml xdocs/stylesheets/tomcat-site.xsl
Date Tue, 13 Sep 2011 01:04:36 GMT
Author: kkolinko
Date: Tue Sep 13 01:04:36 2011
New Revision: 1169992

URL: http://svn.apache.org/viewvc?rev=1169992&view=rev
Log:
tomcat-site.xsl:
  Copy <rev> and <bug> tags from tomcat-docs.xls.
  Add <cve> tag for links to CVE pages.
security-7.xml:
  Simplify markup.

Modified:
    tomcat/site/trunk/docs/security-7.html
    tomcat/site/trunk/xdocs/security-7.xml
    tomcat/site/trunk/xdocs/stylesheets/tomcat-site.xsl

Modified: tomcat/site/trunk/docs/security-7.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-7.html?rev=1169992&r1=1169991&r2=1169992&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-7.html (original)
+++ tomcat/site/trunk/docs/security-7.html Tue Sep 13 01:04:36 2011
@@ -343,9 +343,7 @@
        </ul>
     </p>
 
-    <p>This was fixed in revision
-       <a href="http://svn.apache.org/viewvc?rev=1162958&amp;view=rev">
-       1162958</a>.</p>
+    <p>This was fixed in <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1162958">revision
1162958</a>.</p>
 
     <p>This was reported publicly on 20th August 2011.</p>
 
@@ -354,7 +352,7 @@
     <p>Mitigation options:</p>  
     <ul>
       <li>Upgrade to Tomcat 7.0.21</li>
-      <li>Apply the appropriate <a href="http://svn.apache.org/viewvc?rev=1162958&amp;view=rev">patch</a>
+      <li>Apply the appropriate <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1162958">patch</a>
 </li>
       <li>Configure both Tomcat and the reverse proxy to use a shared secret
        ("requiredSecret" attribute in
@@ -410,9 +408,7 @@
        this vulnerability.
     </p>
 
-    <p>This was fixed in revision
-       <a href="http://svn.apache.org/viewvc?rev=1153379&amp;view=rev">
-       1153379</a>.</p>
+    <p>This was fixed in <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1153379">revision
1153379</a>.</p>
 
     <p>This was identified by Wilfried Weissmann on 20 July 2011 and made public
        on 12 August 2011.</p>
@@ -476,16 +472,11 @@
     </p>
 
     <p>This was fixed in revisions
-       <a href="http://svn.apache.org/viewvc?rev=1145383&amp;view=rev">
-       1145383</a>,
-       <a href="http://svn.apache.org/viewvc?rev=1145489&amp;view=rev">
-       1145489</a>,
-       <a href="http://svn.apache.org/viewvc?rev=1145571&amp;view=rev">
-       1145571</a>,
-       <a href="http://svn.apache.org/viewvc?rev=1145694&amp;view=rev">
-       1145694</a> and
-       <a href="http://svn.apache.org/viewvc?rev=1146005&amp;view=rev">
-       1146005</a>.</p>
+       <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1145383">1145383</a>,
+       <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1145489">1145489</a>,
+       <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1145571">1145571</a>,
+       <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1145694">1145694</a>
and
+       <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1146005">1146005</a>.</p>
 
     <p>This was identified by the Tomcat security team on 7 July 2011 and
        made public on 13 July 2011.</p>
@@ -514,9 +505,7 @@
        do not have these permissions but are able to read log files may be able
        to discover a user's password.</p>
 
-    <p>This was fixed in
-       <a href="http://svn.apache.org/viewvc?rev=1140070&amp;view=rev">
-       revision 1140070</a>.</p>
+    <p>This was fixed in <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1140070">revision
1140070</a>.</p>
 
     <p>This was identified by Polina Genova on 14 June 2011 and
        made public on 27 June 2011.</p>
@@ -529,8 +518,8 @@
 </p>
 
     <p>The re-factoring of XML validation for Tomcat 7.0.x re-introduced the
-       vulnerability previously reported as
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783" rel="nofollow">CVE-2009-0783</a>.
This was initially
+       vulnerability previously reported as <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783"
rel="nofollow">CVE-2009-0783</a>.
+       This was initially
        <a href="https://issues.apache.org/bugzilla/show_bug.cgi?id=51395">
        reported</a> as a memory leak. If a web application is the first web
        application loaded, this bugs allows that web application to potentially

Modified: tomcat/site/trunk/xdocs/security-7.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-7.xml?rev=1169992&r1=1169991&r2=1169992&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-7.xml (original)
+++ tomcat/site/trunk/xdocs/security-7.xml Tue Sep 13 01:04:36 2011
@@ -29,8 +29,7 @@
 
     <p><strong>Important: Authentication bypass and information disclosure
        </strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3190"
-       rel="nofollow">CVE-2011-3190</a></p>
+       <cve>CVE-2011-3190</cve></p>
 
     <p>Apache Tomcat supports the AJP protocol which is used with reverse
        proxies to pass requests and associated data about the request from the
@@ -50,9 +49,7 @@
        </ul>
     </p>
 
-    <p>This was fixed in revision
-       <a href="http://svn.apache.org/viewvc?rev=1162958&amp;view=rev">
-       1162958</a>.</p>
+    <p>This was fixed in <revlink rev="1162958">revision 1162958</revlink>.</p>
 
     <p>This was reported publicly on 20th August 2011.</p>
 
@@ -61,7 +58,7 @@
     <p>Mitigation options:</p>  
     <ul>
       <li>Upgrade to Tomcat 7.0.21</li>
-      <li>Apply the appropriate <a href="http://svn.apache.org/viewvc?rev=1162958&amp;view=rev">patch</a></li>
+      <li>Apply the appropriate <revlink rev="1162958">patch</revlink></li>
       <li>Configure both Tomcat and the reverse proxy to use a shared secret
        ("requiredSecret" attribute in
        <a href="/tomcat-7.0-doc/config/ajp.html">&lt;Connector&gt;</a>;
@@ -74,8 +71,7 @@
   <section name="Fixed in Apache Tomcat 7.0.20">
 
     <p><strong>Important: Information disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2729"
-       rel="nofollow">CVE-2011-2729</a></p>
+       <cve>CVE-2011-2729</cve></p>
 
     <p>Due to a bug in the capabilities code, jsvc (the service wrapper for
        Linux that is part of the Commons Daemon project) does not drop
@@ -91,9 +87,7 @@
        this vulnerability.
     </p>
 
-    <p>This was fixed in revision
-       <a href="http://svn.apache.org/viewvc?rev=1153379&amp;view=rev">
-       1153379</a>.</p>
+    <p>This was fixed in <revlink rev="1153379">revision 1153379</revlink>.</p>
 
     <p>This was identified by Wilfried Weissmann on 20 July 2011 and made public
        on 12 August 2011.</p>
@@ -105,8 +99,7 @@
   <section name="Fixed in Apache Tomcat 7.0.19">
 
     <p><strong>Low: Information disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2526"
-       rel="nofollow">CVE-2011-2526</a></p>
+       <cve>CVE-2011-2526</cve></p>
 
     <p>Tomcat provides support for sendfile with the HTTP NIO and HTTP APR
        connectors. sendfile is used automatically for content served via the
@@ -132,16 +125,11 @@
     </p>
 
     <p>This was fixed in revisions
-       <a href="http://svn.apache.org/viewvc?rev=1145383&amp;view=rev">
-       1145383</a>,
-       <a href="http://svn.apache.org/viewvc?rev=1145489&amp;view=rev">
-       1145489</a>,
-       <a href="http://svn.apache.org/viewvc?rev=1145571&amp;view=rev">
-       1145571</a>,
-       <a href="http://svn.apache.org/viewvc?rev=1145694&amp;view=rev">
-       1145694</a> and
-       <a href="http://svn.apache.org/viewvc?rev=1146005&amp;view=rev">
-       1146005</a>.</p>
+       <revlink rev="1145383">1145383</revlink>,
+       <revlink rev="1145489">1145489</revlink>,
+       <revlink rev="1145571">1145571</revlink>,
+       <revlink rev="1145694">1145694</revlink> and
+       <revlink rev="1146005">1146005</revlink>.</p>
 
     <p>This was identified by the Tomcat security team on 7 July 2011 and
        made public on 13 July 2011.</p>
@@ -155,8 +143,7 @@
        included in the list of affected versions.</i></p>
 
     <p><strong>Low: Information disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2204"
-       rel="nofollow">CVE-2011-2204</a></p>
+       <cve>CVE-2011-2204</cve></p>
 
     <p>When using the MemoryUserDatabase (based on tomcat-users.xml) and
        creating users via JMX, an exception during the user creation process may
@@ -167,9 +154,7 @@
        do not have these permissions but are able to read log files may be able
        to discover a user&apos;s password.</p>
 
-    <p>This was fixed in
-       <a href="http://svn.apache.org/viewvc?rev=1140070&amp;view=rev">
-       revision 1140070</a>.</p>
+    <p>This was fixed in <revlink rev="1140070">revision 1140070</revlink>.</p>
 
     <p>This was identified by Polina Genova on 14 June 2011 and
        made public on 27 June 2011.</p>
@@ -177,13 +162,11 @@
     <p>Affects: 7.0.0-7.0.16</p>
   
     <p><strong>Low: Information disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2481"
-       rel="nofollow">CVE-2011-2481</a></p>
+       <cve>CVE-2011-2481</cve></p>
 
     <p>The re-factoring of XML validation for Tomcat 7.0.x re-introduced the
-       vulnerability previously reported as
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783"
-       rel="nofollow">CVE-2009-0783</a>. This was initially
+       vulnerability previously reported as <cve>CVE-2009-0783</cve>.
+       This was initially
        <a href="https://issues.apache.org/bugzilla/show_bug.cgi?id=51395">
        reported</a> as a memory leak. If a web application is the first web
        application loaded, this bugs allows that web application to potentially

Modified: tomcat/site/trunk/xdocs/stylesheets/tomcat-site.xsl
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/stylesheets/tomcat-site.xsl?rev=1169992&r1=1169991&r2=1169992&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/stylesheets/tomcat-site.xsl (original)
+++ tomcat/site/trunk/xdocs/stylesheets/tomcat-site.xsl Tue Sep 13 01:04:36 2011
@@ -17,7 +17,9 @@
 
   <!-- Defined parameters (overrideable) -->
   <xsl:param    name="relative-path" select="'.'"/>
+  <xsl:param    name="buglink"       select="'https://issues.apache.org/bugzilla/show_bug.cgi?id='"/>
   <xsl:param    name="revlink"       select="'http://svn.apache.org/viewvc?view=rev&amp;rev='"/>
+  <xsl:param    name="cvelink"       select="'http://cve.mitre.org/cgi-bin/cvename.cgi?name='"/>
 
   <!-- Defined variables (non-overrideable) -->
   <xsl:variable name="body-bg"       select="'#ffffff'"/>
@@ -334,13 +336,31 @@
     </div>
   </xsl:template>
 
+  <!-- Link to a bug report -->
+  <xsl:template match="bug">
+      <xsl:variable name="link"><xsl:value-of select="$buglink"/><xsl:value-of
select="text()"/></xsl:variable>
+      <a href="{$link}"><xsl:apply-templates/></a>
+  </xsl:template>
+
+  <!-- Link to a SVN revision report -->
+  <xsl:template match="rev">
+      <xsl:variable name="link"><xsl:value-of select="$revlink"/><xsl:value-of
select="text()"/></xsl:variable>
+      <a href="{$link}">r<xsl:apply-templates/></a>
+  </xsl:template>
+
   <!-- Link to a SVN revision report -->
-  <!-- It is similar to <rev> tag in tomcat-docs.xsl, but allows arbitrary text
inside -->
+  <!-- It is similat to <rev> tag, but allows arbitrary text inside -->
   <xsl:template match="revlink">
       <xsl:variable name="link"><xsl:value-of select="$revlink"/><xsl:value-of
select="@rev"/></xsl:variable>
       <a href="{$link}"><xsl:apply-templates/></a>
   </xsl:template>
 
+  <!-- Link to a CVE report -->
+  <xsl:template match="cve">
+      <xsl:variable name="link"><xsl:value-of select="$cvelink"/><xsl:value-of
select="text()"/></xsl:variable>
+      <a href="{$link}" rel="nofollow"><xsl:apply-templates/></a>
+  </xsl:template>
+
   <!-- specially process td tags ala site.vsl -->
   <xsl:template match="table[@class='detail-table']/tr/td">
     <td bgcolor="{$table-td-bg}" valign="top" align="left">



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message