tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kkoli...@apache.org
Subject svn commit: r1174384 - in /tomcat/site/trunk: docs/security-6.html xdocs/security-6.xml
Date Thu, 22 Sep 2011 20:52:33 GMT
Author: kkolinko
Date: Thu Sep 22 20:52:33 2011
New Revision: 1174384

URL: http://svn.apache.org/viewvc?rev=1174384&view=rev
Log:
Simplify the markup

Modified:
    tomcat/site/trunk/docs/security-6.html
    tomcat/site/trunk/xdocs/security-6.xml

Modified: tomcat/site/trunk/docs/security-6.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-6.html?rev=1174384&r1=1174383&r2=1174384&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-6.html (original)
+++ tomcat/site/trunk/docs/security-6.html Thu Sep 22 20:52:33 2011
@@ -357,9 +357,7 @@
        </ul>
     </p>
 
-    <p>This was fixed in revision
-       <a href="http://svn.apache.org/viewvc?rev=1162959&amp;view=rev">
-       1162959</a>.</p>
+    <p>This was fixed in <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1162959">revision 1162959</a>.</p>
 
     <p>This was reported publicly on 20th August 2011.</p>
 
@@ -433,9 +431,7 @@
        do not have these permissions but are able to read log files may be able
        to discover a user's password.</p>
 
-    <p>This was fixed in
-       <a href="http://svn.apache.org/viewvc?rev=1140071&amp;view=rev">
-       revision 1140071</a>.</p>
+    <p>This was fixed in <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1140071">revision 1140071</a>.</p>
 
     <p>This was identified by Polina Genova on 14 June 2011 and
        made public on 27 June 2011.</p>
@@ -470,9 +466,7 @@
        </ul>
     </p>
 
-    <p>This was fixed in
-       <a href="http://svn.apache.org/viewvc?rev=1146703&amp;view=rev">
-       revision 1146703</a>.</p>
+    <p>This was fixed in <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1146703">revision 1146703</a>.</p>
 
     <p>This was identified by the Tomcat security team on 7 July 2011 and
        made public on 13 July 2011.</p>
@@ -498,9 +492,7 @@
        this vulnerability.
     </p>
 
-    <p>This was fixed in revision
-       <a href="http://svn.apache.org/viewvc?rev=1153824&amp;view=rev">
-       1153824</a>.</p>
+    <p>This was fixed in <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1153824">revision 1153824</a>.</p>
 
     <p>This was identified by Wilfried Weissmann on 20 July 2011 and made public
        on 12 August 2011.</p>
@@ -557,9 +549,7 @@
        processing. That behaviour can be used for a denial of service attack
        using a carefully crafted request.</p>
 
-    <p>This was fixed in
-       <a href="http://svn.apache.org/viewvc?rev=1066313&amp;view=rev">
-       revision 1066313</a>.</p>
+    <p>This was fixed in <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1066313">revision 1066313</a>.</p>
 
     <p>This was identified by the Tomcat security team on 27 Jan 2011 and
        made public on 5 Feb 2011.</p>
@@ -609,9 +599,7 @@
        trigger script execution by an administrative user when viewing the
        manager pages.</p>
 
-    <p>This was fixed in
-       <a href="http://svn.apache.org/viewvc?rev=1057270&amp;view=rev">
-       revision 1057270</a>.</p>
+    <p>This was fixed in <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1057270">revision 1057270</a>.</p>
 
     <p>This was identified by the Tomcat security team on 12 Nov 2010 and
        made public on 5 Feb 2011.</p>
@@ -627,9 +615,7 @@
        orderBy directly without filtering thereby permitting cross-site
        scripting.</p>
 
-    <p>This was fixed in
-       <a href="http://svn.apache.org/viewvc?rev=1037779&amp;view=rev">
-       revision 1037779</a>.</p>
+    <p>This was fixed in <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1037779">revision 1037779</a>.</p>
 
     <p>This was first reported to the Tomcat security team on 15 Nov 2010 and
        made public on 22 Nov 2010.</p>
@@ -655,9 +641,7 @@
        applicable when hosting web applications from untrusted sources such as
        shared hosting environments.</p>
 
-    <p>This was fixed in
-       <a href="http://svn.apache.org/viewvc?rev=1022560&amp;view=rev">
-       revision 1022560</a>.</p>
+    <p>This was fixed in <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1022560">revision 1022560</a>.</p>
 
     <p>This was discovered by the Tomcat security team on 12 Oct 2010 and
        made public on 5 Feb 2011.</p>
@@ -709,11 +693,9 @@
        information to leak between requests. This flaw is mitigated if Tomcat is
        behind a reverse proxy (such as Apache httpd 2.2) as the proxy should
        reject the invalid transfer encoding header.</p>
-       
-    <p>This was fixed in
-       <a href="http://svn.apache.org/viewvc?rev=958977&amp;view=rev">
-       revision 958977</a>.</p>
-       
+
+    <p>This was fixed in <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=958977">revision 958977</a>.</p>
+
     <p>This was first reported to the Tomcat security team on 14 Jun 2010 and
        made public on 9 Jul 2010.</p>
 
@@ -742,9 +724,7 @@
        the local host name or IP address of the machine running Tomcat.
     </p>
        
-    <p>This was fixed in
-       <a href="http://svn.apache.org/viewvc?rev=936540&amp;view=rev">
-       revision 936540</a>.</p>
+    <p>This was fixed in <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=936540">revision 936540</a>.</p>
 
     <p>This was first reported to the Tomcat security team on 31 Dec 2009 and
        made public on 21 Apr 2010.</p>
@@ -801,9 +781,7 @@
        outside of the web root by including entries such as
        <code>../../bin/catalina.sh</code> in the WAR.</p>
        
-    <p>This was fixed in
-       <a href="http://svn.apache.org/viewvc?rev=892815&amp;view=rev">
-       revision 892815</a>.</p>
+    <p>This was fixed in <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=892815">revision 892815</a>.</p>
        
     <p>This was first reported to the Tomcat security team on 30 Jul 2009 and
        made public on 1 Mar 2010.</p>
@@ -823,11 +801,9 @@
        security constraints may be deployed without those security constraints,
        making them accessible without authentication. This issue only affects
        Windows platforms.</p>
-       
-    <p>This was fixed in
-       <a href="http://svn.apache.org/viewvc?rev=892815&amp;view=rev">
-       revision 892815</a>.</p>
-       
+
+    <p>This was fixed in <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=892815">revision 892815</a>.</p>
+
     <p>This was first reported to the Tomcat security team on 30 Jul 2009 and
        made public on 1 Mar 2010.</p>
 
@@ -843,11 +819,9 @@
        <code>...war</code> allows an attacker to cause the deletion of the
        current contents of the host's work directory which may cause problems
        for currently running applications.</p>
-       
-    <p>This was fixed in
-       <a href="http://svn.apache.org/viewvc?rev=892815&amp;view=rev">
-       revision 892815</a>.</p>
-       
+
+    <p>This was fixed in <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=892815">revision 892815</a>.</p>
+
     <p>This was first reported to the Tomcat security team on 30 Jul 2009 and
        made public on 1 Mar 2010.</p>
 
@@ -863,9 +837,7 @@
        a user is created with the name admin, roles admin and manager and a
        blank password.</p>
 
-    <p>This was fixed in
-       <a href="http://svn.apache.org/viewvc?rev=881771&amp;view=rev">
-       revision 881771</a>.</p>
+    <p>This was fixed in <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=881771">revision 881771</a>.</p>
 
     <p>This was first reported to the Tomcat security team on 26 Oct 2009 and
        made public on 9 Nov 2009.</p>
@@ -922,9 +894,7 @@
        content that would otherwise be protected by a security constraint or by
        locating it in under the WEB-INF directory.</p>
 
-    <p>This was fixed in
-       <a href="http://svn.apache.org/viewvc?rev=734734&amp;view=rev">
-       revision 734734</a>.</p>
+    <p>This was fixed in <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=734734">revision 734734</a>.</p>
 
     <p>This was first reported to the Tomcat security team on 11 Dec 2008 and
        made public on 8 Jun 2009.</p>
@@ -943,9 +913,7 @@
        from use for approximately one minute. Thus the behaviour can be used for
        a denial of service attack using a carefully crafted request.</p>
 
-    <p>This was fixed in
-       <a href="http://svn.apache.org/viewvc?rev=742915&amp;view=rev">
-       revision 742915</a>.</p>
+    <p>This was fixed in <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=742915">revision 742915</a>.</p>
 
     <p>This was first reported to the Tomcat security team on 26 Jan 2009 and
        made public on 3 Jun 2009.</p>
@@ -962,9 +930,7 @@
        supplying illegally URL encoded passwords. The attack is possible if FORM
        based authentication (j_security_check) is used with the MemoryRealm.</p>
 
-    <p>This was fixed in
-       <a href="http://svn.apache.org/viewvc?rev=747840&amp;view=rev">
-       revision 747840</a>.</p>
+    <p>This was fixed in <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=747840">revision 747840</a>.</p>
 
     <p>This was first reported to the Tomcat security team on 25 Feb 2009 and
        made public on 3 Jun 2009.</p>
@@ -980,9 +946,7 @@
        XSS flaw due to invalid HTML which renders the XSS filtering protection
        ineffective.</p>
 
-    <p>This was fixed in
-       <a href="http://svn.apache.org/viewvc?rev=750924&amp;view=rev">
-       revision 750924</a>.</p>
+    <p>This was fixed in <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=750924">revision 750924</a>.</p>
 
     <p>This was first reported to the Tomcat security team on 5 Mar 2009 and
        made public on 3 Jun 2009.</p>
@@ -994,20 +958,15 @@
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783" rel="nofollow">CVE-2009-0783</a>
 </p>
 
-    <p>Bugs <a href="https://issues.apache.org/bugzilla/show_bug.cgi?id=29936">
-       29936</a> and
-       <a href="https://issues.apache.org/bugzilla/show_bug.cgi?id=45933">
-       45933</a> allowed a web application to replace the XML parser used by
+    <p>Bugs <a href="https://issues.apache.org/bugzilla/show_bug.cgi?id=29936">29936</a> and <a href="https://issues.apache.org/bugzilla/show_bug.cgi?id=45933">45933</a> allowed a web application
+       to replace the XML parser used by
        Tomcat to process web.xml, context.xml and tld files. In limited
        circumstances these bugs may allow a rogue web application to view and/or
        alter the web.xml, context.xml and tld files of other web applications
        deployed on the Tomcat instance.</p>
 
-    <p>This was fixed in revisions 
-       <a href="http://svn.apache.org/viewvc?rev=652592&amp;view=rev">
-       652592</a> and
-       <a href="http://svn.apache.org/viewvc?rev=739522&amp;view=rev">
-       739522</a>.</p>
+    <p>This was fixed in revisions <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=652592">652592</a> and
+       <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=739522">739522</a>.</p>
 
     <p>This was first reported to the Tomcat security team on 2 Mar 2009 and
        made public on 4 Jun 2009.</p>
@@ -1066,9 +1025,7 @@
        XSS attack, unfiltered user supplied data must be included in the message
        argument.</p>
 
-    <p>This was fixed in
-       <a href="http://svn.apache.org/viewvc?rev=673834&amp;view=rev">
-       revision 673834</a>.</p>
+    <p>This was fixed in <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=673834">revision 673834</a>.</p>
 
     <p>This was first reported to the Tomcat security team on 24 Jan 2008 and
        made public on 1 Aug 2008.</p>
@@ -1085,9 +1042,7 @@
        out (closing the browser) of the application once the management tasks
        have been completed.</p>
 
-    <p>This was fixed in
-       <a href="http://svn.apache.org/viewvc?rev=662585&amp;view=rev">
-       revision 662585</a>.</p>
+    <p>This was fixed in <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=662585">revision 662585</a>.</p>
 
     <p>This was first reported to the Tomcat security team on 15 May 2008 and
        made public on 28 May 2008.</p>
@@ -1104,10 +1059,8 @@
        request parameter could be used to access content that would otherwise be 
        protected by a security constraint or by locating it in under the WEB-INF 
        directory.</p>
-       
-    <p>This was fixed in
-       <a href="http://svn.apache.org/viewvc?rev=673839&amp;view=rev">
-       revision 673839</a>.</p>
+
+    <p>This was fixed in <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=673839">revision 673839</a>.</p>
 
     <p>This was first reported to the Tomcat security team on 13 Jun 2008 and
        made public on 1 August 2008.</p>
@@ -1151,9 +1104,8 @@
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333" rel="nofollow">CVE-2007-5333</a>
 </p>
 
-    <p>The previous fix for
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385" rel="nofollow">CVE-2007-3385</a> was incomplete. It did not consider the use of quotes
-       or %5C within a cookie value.</p>
+    <p>The previous fix for <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385" rel="nofollow">CVE-2007-3385</a> was incomplete. It did
+       not consider the use of quotes or %5C within a cookie value.</p>
 
     <p>Affects: 6.0.0-6.0.14</p>
 
@@ -1552,8 +1504,7 @@
     </p>
 
     <p>A work-around for this JVM bug was provided in 
-       <a href="http://svn.apache.org/viewvc?rev=1066315&amp;view=rev">
-       revision 1066315</a>.</p>
+       <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1066315">revision 1066315</a>.</p>
 
     <p>This was first reported to the Tomcat security team on 01 Feb 2011 and
        made public on 31 Jan 2011.</p>
@@ -1591,10 +1542,9 @@
        application.</p>
 
     <p>A workaround was implemented in
-       <a href="http://svn.apache.org/viewvc?rev=881774&amp;view=rev">
-       revision 881774</a> and 
-       <a href="http://svn.apache.org/viewvc?rev=891292&amp;view=rev">
-       revision 891292</a> that provided the new allowUnsafeLegacyRenegotiation
+       <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=881774">revision 881774</a> and 
+       <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=891292">revision 891292</a>
+       that provided the new <code>allowUnsafeLegacyRenegotiation</code>
        attribute. This work around is included in Tomcat 6.0.21 onwards.</p>
        
     <p>
@@ -1624,8 +1574,8 @@
        status of this issue for your JVM, contact your JVM vendor.</p>
        
     <p>A workaround was implemented in
-       <a href="http://svn.apache.org/viewvc?rev=678137&amp;view=rev">
-       revision 678137</a> that protects against this and any similar character
+       <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=678137">revision 678137</a>
+       that protects against this and any similar character
        encoding issues that may still exist in the JVM. This work around is
        included in Tomcat 6.0.18 onwards.</p>
   

Modified: tomcat/site/trunk/xdocs/security-6.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-6.xml?rev=1174384&r1=1174383&r2=1174384&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-6.xml (original)
+++ tomcat/site/trunk/xdocs/security-6.xml Thu Sep 22 20:52:33 2011
@@ -35,8 +35,7 @@
 
     <p><strong>Important: Authentication bypass and information disclosure
        </strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3190"
-       rel="nofollow">CVE-2011-3190</a></p>
+       <cve>CVE-2011-3190</cve></p>
 
     <p>Apache Tomcat supports the AJP protocol which is used with reverse
        proxies to pass requests and associated data about the request from the
@@ -56,9 +55,7 @@
        </ul>
     </p>
 
-    <p>This was fixed in revision
-       <a href="http://svn.apache.org/viewvc?rev=1162959&amp;view=rev">
-       1162959</a>.</p>
+    <p>This was fixed in <revlink rev="1162959">revision 1162959</revlink>.</p>
 
     <p>This was reported publicly on 20th August 2011.</p>
 
@@ -91,8 +88,7 @@
   <section name="Fixed in Apache Tomcat 6.0.33">
 
     <p><strong>Low: Information disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2204"
-       rel="nofollow">CVE-2011-2204</a></p>
+       <cve>CVE-2011-2204</cve></p>
 
     <p>When using the MemoryUserDatabase (based on tomcat-users.xml) and
        creating users via JMX, an exception during the user creation process may
@@ -103,9 +99,7 @@
        do not have these permissions but are able to read log files may be able
        to discover a user&apos;s password.</p>
 
-    <p>This was fixed in
-       <a href="http://svn.apache.org/viewvc?rev=1140071&amp;view=rev">
-       revision 1140071</a>.</p>
+    <p>This was fixed in <revlink rev="1140071">revision 1140071</revlink>.</p>
 
     <p>This was identified by Polina Genova on 14 June 2011 and
        made public on 27 June 2011.</p>
@@ -113,8 +107,7 @@
     <p>Affects: 6.0.0-6.0.32</p>
   
     <p><strong>Low: Information disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2526"
-       rel="nofollow">CVE-2011-2526</a></p>
+       <cve>CVE-2011-2526</cve></p>
 
     <p>Tomcat provides support for sendfile with the HTTP NIO and HTTP APR
        connectors. sendfile is used automatically for content served via the
@@ -139,9 +132,7 @@
        </ul>
     </p>
 
-    <p>This was fixed in
-       <a href="http://svn.apache.org/viewvc?rev=1146703&amp;view=rev">
-       revision 1146703</a>.</p>
+    <p>This was fixed in <revlink rev="1146703">revision 1146703</revlink>.</p>
 
     <p>This was identified by the Tomcat security team on 7 July 2011 and
        made public on 13 July 2011.</p>
@@ -149,8 +140,7 @@
     <p>Affects: 6.0.0-6.0.32</p>
 
     <p><strong>Important: Information disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2729"
-       rel="nofollow">CVE-2011-2729</a></p>
+       <cve>CVE-2011-2729</cve></p>
 
     <p>Due to a bug in the capabilities code, jsvc (the service wrapper for
        Linux that is part of the Commons Daemon project) does not drop
@@ -166,9 +156,7 @@
        this vulnerability.
     </p>
 
-    <p>This was fixed in revision
-       <a href="http://svn.apache.org/viewvc?rev=1153824&amp;view=rev">
-       1153824</a>.</p>
+    <p>This was fixed in <revlink rev="1153824">revision 1153824</revlink>.</p>
 
     <p>This was identified by Wilfried Weissmann on 20 July 2011 and made public
        on 12 August 2011.</p>
@@ -186,16 +174,13 @@
        affected versions.</i></p>
 
     <p><strong>Important: Remote Denial Of Service</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0534"
-       rel="nofollow">CVE-2011-0534</a></p>
+       <cve>CVE-2011-0534</cve></p>
 
     <p>The NIO connector expands its buffer endlessly during request line
        processing. That behaviour can be used for a denial of service attack
        using a carefully crafted request.</p>
 
-    <p>This was fixed in
-       <a href="http://svn.apache.org/viewvc?rev=1066313&amp;view=rev">
-       revision 1066313</a>.</p>
+    <p>This was fixed in <revlink rev="1066313">revision 1066313</revlink>.</p>
 
     <p>This was identified by the Tomcat security team on 27 Jan 2011 and
        made public on 5 Feb 2011.</p>
@@ -207,17 +192,14 @@
   <section name="Fixed in Apache Tomcat 6.0.30" rtext="released 13 Jan 2011">
   
     <p><strong>low: Cross-site scripting</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0013"
-       rel="nofollow">CVE-2011-0013</a></p>
+       <cve>CVE-2011-0013</cve></p>
 
     <p>The HTML Manager interface displayed web application provided data, such
        as display names, without filtering. A malicious web application could
        trigger script execution by an administrative user when viewing the
        manager pages.</p>
 
-    <p>This was fixed in
-       <a href="http://svn.apache.org/viewvc?rev=1057270&amp;view=rev">
-       revision 1057270</a>.</p>
+    <p>This was fixed in <revlink rev="1057270">revision 1057270</revlink>.</p>
 
     <p>This was identified by the Tomcat security team on 12 Nov 2010 and
        made public on 5 Feb 2011.</p>
@@ -225,16 +207,13 @@
     <p>Affects: 6.0.0-6.0.29</p>
 
     <p><strong>moderate: Cross-site scripting</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4172"
-       rel="nofollow">CVE-2010-4172</a></p>
+       <cve>CVE-2010-4172</cve></p>
 
     <p>The Manager application used the user provided parameters sort and
        orderBy directly without filtering thereby permitting cross-site
        scripting.</p>
 
-    <p>This was fixed in
-       <a href="http://svn.apache.org/viewvc?rev=1037779&amp;view=rev">
-       revision 1037779</a>.</p>
+    <p>This was fixed in <revlink rev="1037779">revision 1037779</revlink>.</p>
 
     <p>This was first reported to the Tomcat security team on 15 Nov 2010 and
        made public on 22 Nov 2010.</p>
@@ -242,8 +221,7 @@
     <p>Affects: 6.0.12-6.0.29</p>
 
     <p><strong>low: SecurityManager file permission bypass</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3718"
-       rel="nofollow">CVE-2010-3718</a></p>
+       <cve>CVE-2010-3718</cve></p>
 
     <p>When running under a SecurityManager, access to the file system is
        limited but web applications are granted read/write permissions to the
@@ -259,9 +237,7 @@
        applicable when hosting web applications from untrusted sources such as
        shared hosting environments.</p>
 
-    <p>This was fixed in
-       <a href="http://svn.apache.org/viewvc?rev=1022560&amp;view=rev">
-       revision 1022560</a>.</p>
+    <p>This was fixed in <revlink rev="1022560">revision 1022560</revlink>.</p>
 
     <p>This was discovered by the Tomcat security team on 12 Oct 2010 and
        made public on 5 Feb 2011.</p>
@@ -274,8 +250,7 @@
   
     <p><strong>Important: Remote Denial Of Service and Information Disclosure
        Vulnerability</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2227"
-       rel="nofollow">CVE-2010-2227</a></p>
+       <cve>CVE-2010-2227</cve></p>
 
     <p>Several flaws in the handling of the 'Transfer-Encoding' header were
        found that prevented the recycling of a buffer. A remote attacker could
@@ -283,11 +258,9 @@
        information to leak between requests. This flaw is mitigated if Tomcat is
        behind a reverse proxy (such as Apache httpd 2.2) as the proxy should
        reject the invalid transfer encoding header.</p>
-       
-    <p>This was fixed in
-       <a href="http://svn.apache.org/viewvc?rev=958977&amp;view=rev">
-       revision 958977</a>.</p>
-       
+
+    <p>This was fixed in <revlink rev="958977">revision 958977</revlink>.</p>
+
     <p>This was first reported to the Tomcat security team on 14 Jun 2010 and
        made public on 9 Jul 2010.</p>
 
@@ -300,8 +273,7 @@
        affected versions.</i></p>
          
     <p><strong>Low: Information disclosure in authentication headers</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1157"
-       rel="nofollow">CVE-2010-1157</a></p>
+       <cve>CVE-2010-1157</cve></p>
 
     <p>The <code>WWW-Authenticate</code> HTTP header for BASIC and DIGEST
        authentication includes a realm name. If a
@@ -313,9 +285,7 @@
        the local host name or IP address of the machine running Tomcat.
     </p>
        
-    <p>This was fixed in
-       <a href="http://svn.apache.org/viewvc?rev=936540&amp;view=rev">
-       revision 936540</a>.</p>
+    <p>This was fixed in <revlink rev="936540">revision 936540</revlink>.</p>
 
     <p>This was first reported to the Tomcat security team on 31 Dec 2009 and
        made public on 21 Apr 2010.</p>
@@ -332,17 +302,14 @@
          are not included in the list of affected versions.</i></p>
        
     <p><strong>Low: Arbitrary file deletion and/or alteration on deploy</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2693"
-       rel="nofollow">CVE-2009-2693</a></p>
+       <cve>CVE-2009-2693</cve></p>
 
     <p>When deploying WAR files, the WAR files were not checked for directory
        traversal attempts. This allows an attacker to create arbitrary content
        outside of the web root by including entries such as
        <code>../../bin/catalina.sh</code> in the WAR.</p>
        
-    <p>This was fixed in
-       <a href="http://svn.apache.org/viewvc?rev=892815&amp;view=rev">
-       revision 892815</a>.</p>
+    <p>This was fixed in <revlink rev="892815">revision 892815</revlink>.</p>
        
     <p>This was first reported to the Tomcat security team on 30 Jul 2009 and
        made public on 1 Mar 2010.</p>
@@ -350,8 +317,7 @@
     <p>Affects: 6.0.0-6.0.20</p>
 
     <p><strong>Low: Insecure partial deploy after failed undeploy</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2901"
-       rel="nofollow">CVE-2009-2901</a></p>
+       <cve>CVE-2009-2901</cve></p>
 
     <p>By default, Tomcat automatically deploys any directories placed in a
        host's appBase. This behaviour is controlled by the autoDeploy attribute
@@ -361,47 +327,39 @@
        security constraints may be deployed without those security constraints,
        making them accessible without authentication. This issue only affects
        Windows platforms.</p>
-       
-    <p>This was fixed in
-       <a href="http://svn.apache.org/viewvc?rev=892815&amp;view=rev">
-       revision 892815</a>.</p>
-       
+
+    <p>This was fixed in <revlink rev="892815">revision 892815</revlink>.</p>
+
     <p>This was first reported to the Tomcat security team on 30 Jul 2009 and
        made public on 1 Mar 2010.</p>
 
     <p>Affects: 6.0.0-6.0.20 (Windows only)</p>
     
     <p><strong>Low: Unexpected file deletion in work directory</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2902"
-       rel="nofollow">CVE-2009-2902</a></p>
+       <cve>CVE-2009-2902</cve></p>
 
     <p>When deploying WAR files, the WAR file names were not checked for
        directory traversal attempts. For example, deploying and undeploying
        <code>...war</code> allows an attacker to cause the deletion of the
        current contents of the host's work directory which may cause problems
        for currently running applications.</p>
-       
-    <p>This was fixed in
-       <a href="http://svn.apache.org/viewvc?rev=892815&amp;view=rev">
-       revision 892815</a>.</p>
-       
+
+    <p>This was fixed in <revlink rev="892815">revision 892815</revlink>.</p>
+
     <p>This was first reported to the Tomcat security team on 30 Jul 2009 and
        made public on 1 Mar 2010.</p>
 
     <p>Affects: 6.0.0-6.0.20</p>
     
     <p><strong>Low: Insecure default password</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3548"
-       rel="nofollow">CVE-2009-3548</a></p>
+       <cve>CVE-2009-3548</cve></p>
 
     <p>The Windows installer defaults to a blank password for the administrative
        user. If this is not changed during the install process, then by default
        a user is created with the name admin, roles admin and manager and a
        blank password.</p>
 
-    <p>This was fixed in
-       <a href="http://svn.apache.org/viewvc?rev=881771&amp;view=rev">
-       revision 881771</a>.</p>
+    <p>This was fixed in <revlink rev="881771">revision 881771</revlink>.</p>
 
     <p>This was first reported to the Tomcat security team on 26 Oct 2009 and
        made public on 9 Nov 2009.</p>
@@ -417,8 +375,7 @@
        issues, 6.0.19 is not included in the list of affected versions.</i></p>
 
     <p><strong>Important: Information Disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5515"
-       rel="nofollow">CVE-2008-5515</a></p>
+       <cve>CVE-2008-5515</cve></p>
 
     <p>When using a RequestDispatcher obtained from the Request, the target path
        was normalised before the query string was removed. A request that
@@ -426,9 +383,7 @@
        content that would otherwise be protected by a security constraint or by
        locating it in under the WEB-INF directory.</p>
 
-    <p>This was fixed in
-       <a href="http://svn.apache.org/viewvc?rev=734734&amp;view=rev">
-       revision 734734</a>.</p>
+    <p>This was fixed in <revlink rev="734734">revision 734734</revlink>.</p>
 
     <p>This was first reported to the Tomcat security team on 11 Dec 2008 and
        made public on 8 Jun 2009.</p>
@@ -436,8 +391,7 @@
     <p>Affects: 6.0.0-6.0.18</p>
 
     <p><strong>Important: Denial of Service</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0033"
-       rel="nofollow">CVE-2009-0033</a></p>
+       <cve>CVE-2009-0033</cve></p>
 
     <p>If Tomcat receives a request with invalid headers via the Java AJP
        connector, it does not return an error and instead closes the AJP
@@ -446,9 +400,7 @@
        from use for approximately one minute. Thus the behaviour can be used for
        a denial of service attack using a carefully crafted request.</p>
 
-    <p>This was fixed in
-       <a href="http://svn.apache.org/viewvc?rev=742915&amp;view=rev">
-       revision 742915</a>.</p>
+    <p>This was fixed in <revlink rev="742915">revision 742915</revlink>.</p>
 
     <p>This was first reported to the Tomcat security team on 26 Jan 2009 and
        made public on 3 Jun 2009.</p>
@@ -456,17 +408,14 @@
     <p>Affects: 6.0.0-6.0.18</p>
 
     <p><strong>low: Information disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0580"
-       rel="nofollow">CVE-2009-0580</a></p>
+       <cve>CVE-2009-0580</cve></p>
 
     <p>Due to insufficient error checking in some authentication classes, Tomcat
        allows for the enumeration (brute force testing) of user names by
        supplying illegally URL encoded passwords. The attack is possible if FORM
        based authentication (j_security_check) is used with the MemoryRealm.</p>
 
-    <p>This was fixed in
-       <a href="http://svn.apache.org/viewvc?rev=747840&amp;view=rev">
-       revision 747840</a>.</p>
+    <p>This was fixed in <revlink rev="747840">revision 747840</revlink>.</p>
 
     <p>This was first reported to the Tomcat security team on 25 Feb 2009 and
        made public on 3 Jun 2009.</p>
@@ -474,16 +423,13 @@
     <p>Affects: 6.0.0-6.0.18</p>
        
     <p><strong>low: Cross-site scripting</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0781"
-       rel="nofollow">CVE-2009-0781</a></p>
+       <cve>CVE-2009-0781</cve></p>
 
     <p>The calendar application in the examples web application contains an
        XSS flaw due to invalid HTML which renders the XSS filtering protection
        ineffective.</p>
 
-    <p>This was fixed in
-       <a href="http://svn.apache.org/viewvc?rev=750924&amp;view=rev">
-       revision 750924</a>.</p>
+    <p>This was fixed in <revlink rev="750924">revision 750924</revlink>.</p>
 
     <p>This was first reported to the Tomcat security team on 5 Mar 2009 and
        made public on 3 Jun 2009.</p>
@@ -491,23 +437,17 @@
     <p>Affects: 6.0.0-6.0.18</p>
 
     <p><strong>low: Information disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783"
-       rel="nofollow">CVE-2009-0783</a></p>
+       <cve>CVE-2009-0783</cve></p>
 
-    <p>Bugs <a href="https://issues.apache.org/bugzilla/show_bug.cgi?id=29936">
-       29936</a> and
-       <a href="https://issues.apache.org/bugzilla/show_bug.cgi?id=45933">
-       45933</a> allowed a web application to replace the XML parser used by
+    <p>Bugs <bug>29936</bug> and <bug>45933</bug> allowed a web application
+       to replace the XML parser used by
        Tomcat to process web.xml, context.xml and tld files. In limited
        circumstances these bugs may allow a rogue web application to view and/or
        alter the web.xml, context.xml and tld files of other web applications
        deployed on the Tomcat instance.</p>
 
-    <p>This was fixed in revisions 
-       <a href="http://svn.apache.org/viewvc?rev=652592&amp;view=rev">
-       652592</a> and
-       <a href="http://svn.apache.org/viewvc?rev=739522&amp;view=rev">
-       739522</a>.</p>
+    <p>This was fixed in revisions <revlink rev="652592">652592</revlink> and
+       <revlink rev="739522">739522</revlink>.</p>
 
     <p>This was first reported to the Tomcat security team on 2 Mar 2009 and
        made public on 4 Jun 2009.</p>
@@ -523,8 +463,7 @@
        issues, 6.0.17 is not included in the list of affected versions.</i></p>
 
     <p><strong>low: Cross-site scripting</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232"
-       rel="nofollow">CVE-2008-1232</a></p>
+       <cve>CVE-2008-1232</cve></p>
 
     <p>The message argument of HttpServletResponse.sendError() call is not only
        displayed on the error page, but is also used for the reason-phrase of
@@ -534,17 +473,14 @@
        XSS attack, unfiltered user supplied data must be included in the message
        argument.</p>
 
-    <p>This was fixed in
-       <a href="http://svn.apache.org/viewvc?rev=673834&amp;view=rev">
-       revision 673834</a>.</p>
+    <p>This was fixed in <revlink rev="673834">revision 673834</revlink>.</p>
 
     <p>This was first reported to the Tomcat security team on 24 Jan 2008 and
        made public on 1 Aug 2008.</p>
     <p>Affects: 6.0.0-6.0.16</p>
 
     <p><strong>low: Cross-site scripting</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947"
-       rel="nofollow">CVE-2008-1947</a></p>
+       <cve>CVE-2008-1947</cve></p>
 
     <p>The Host Manager web application did not escape user provided data before
        including it in the output. This enabled a XSS attack. This application
@@ -552,9 +488,7 @@
        out (closing the browser) of the application once the management tasks
        have been completed.</p>
 
-    <p>This was fixed in
-       <a href="http://svn.apache.org/viewvc?rev=662585&amp;view=rev">
-       revision 662585</a>.</p>
+    <p>This was fixed in <revlink rev="662585">revision 662585</revlink>.</p>
 
     <p>This was first reported to the Tomcat security team on 15 May 2008 and
        made public on 28 May 2008.</p>
@@ -562,18 +496,15 @@
     <p>Affects: 6.0.0-6.0.16</p>
 
     <p><strong>important: Information disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370"
-       rel="nofollow">CVE-2008-2370</a></p>
+       <cve>CVE-2008-2370</cve></p>
 
     <p>When using a RequestDispatcher the target path was normalised before the 
        query string was removed. A request that included a specially crafted 
        request parameter could be used to access content that would otherwise be 
        protected by a security constraint or by locating it in under the WEB-INF 
        directory.</p>
-       
-    <p>This was fixed in
-       <a href="http://svn.apache.org/viewvc?rev=673839&amp;view=rev">
-       revision 673839</a>.</p>
+
+    <p>This was fixed in <revlink rev="673839">revision 673839</revlink>.</p>
 
     <p>This was first reported to the Tomcat security team on 13 Jun 2008 and
        made public on 1 August 2008.</p>
@@ -585,19 +516,15 @@
 
   <section name="Fixed in Apache Tomcat 6.0.16" rtext="released 8 Feb 2008">
     <p><strong>low: Session hi-jacking</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333"
-       rel="nofollow">CVE-2007-5333</a></p>
+       <cve>CVE-2007-5333</cve></p>
 
-    <p>The previous fix for
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385"
-       rel="nofollow">CVE-2007-3385</a> was incomplete. It did not consider the use of quotes
-       or %5C within a cookie value.</p>
+    <p>The previous fix for <cve>CVE-2007-3385</cve> was incomplete. It did
+       not consider the use of quotes or %5C within a cookie value.</p>
 
     <p>Affects: 6.0.0-6.0.14</p>
 
     <p><strong>low: Elevated privileges</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342"
-       rel="nofollow">CVE-2007-5342</a></p>
+       <cve>CVE-2007-5342</cve></p>
 
     <p>The JULI logging component allows web applications to provide their own
        logging configurations. The default security policy does not restrict
@@ -608,8 +535,7 @@
     <p>Affects: 6.0.0-6.0.15</p>
 
     <p><strong>important: Information disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461"
-       rel="nofollow">CVE-2007-5461</a></p>
+       <cve>CVE-2007-5461</cve></p>
 
     <p>When Tomcat's WebDAV servlet is configured for use with a context and
        has been enabled for write, some WebDAV requests that specify an entity
@@ -619,8 +545,7 @@
     <p>Affects: 6.0.0-6.0.14</p>
 
     <p><strong>important: Data integrity</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6286"
-       rel="nofollow">CVE-2007-6286</a></p>
+       <cve>CVE-2007-6286</cve></p>
 
     <p>When using the native (APR based) connector, connecting to the SSL port
        using netcat and then disconnecting without sending any data will cause
@@ -629,8 +554,7 @@
     <p>Affects: 6.0.0-6.0.15</p>
 
     <p><strong>important: Information disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0002"
-       rel="nofollow">CVE-2008-0002</a></p>
+       <cve>CVE-2008-0002</cve></p>
 
     <p>If an exception occurs during the processing of parameters (eg if the
        client disconnects) then it is possible that the parameters submitted for
@@ -643,8 +567,7 @@
 
   <section name="Fixed in Apache Tomcat 6.0.14" rtext="released 13 Aug 2007">
     <p><strong>low: Cross-site scripting</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2449"
-       rel="nofollow">CVE-2007-2449</a></p>
+       <cve>CVE-2007-2449</cve></p>
 
     <p>JSPs within the examples web application did not escape user provided
        data before including it in the output. This enabled a XSS attack. These
@@ -657,8 +580,7 @@
     <p>Affects: 6.0.0-6.0.13</p>
 
     <p><strong>low: Cross-site scripting</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2450"
-       rel="nofollow">CVE-2007-2450</a></p>
+       <cve>CVE-2007-2450</cve></p>
 
     <p>The Manager and Host Manager web applications did not escape user
        provided data before including it in the output. This enabled a XSS
@@ -669,8 +591,7 @@
     <p>Affects: 6.0.0-6.0.13</p>
 
     <p><strong>low: Session hi-jacking</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3382"
-       rel="nofollow">CVE-2007-3382</a></p>
+       <cve>CVE-2007-3382</cve></p>
 
     <p>Tomcat incorrectly treated a single quote character (') in a cookie
        value as a delimiter. In some circumstances this lead to the leaking of
@@ -679,8 +600,7 @@
     <p>Affects: 6.0.0-6.0.13</p>
 
     <p><strong>low: Session hi-jacking</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385"
-       rel="nofollow">CVE-2007-3385</a></p>
+       <cve>CVE-2007-3385</cve></p>
 
     <p>Tomcat incorrectly handled the character sequence \" in a cookie value.
        In some circumstances this lead to the leaking of information such as
@@ -689,8 +609,7 @@
     <p>Affects: 6.0.0-6.0.13</p>
 
     <p><strong>low: Cross-site scripting</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3386"
-       rel="nofollow">CVE-2007-3386</a></p>
+       <cve>CVE-2007-3386</cve></p>
 
     <p>The Host Manager Servlet did not filter user supplied data before
        display. This enabled an XSS attack.</p>
@@ -701,8 +620,7 @@
 
   <section name="Fixed in Apache Tomcat 6.0.11"  rtext="not released">
     <p><strong>moderate: Cross-site scripting</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1355"
-       rel="nofollow">CVE-2007-1355</a></p>
+       <cve>CVE-2007-1355</cve></p>
 
     <p>The JSP and Servlet included in the sample application within the Tomcat
        documentation webapp did not escape user provided data before including
@@ -712,8 +630,7 @@
     <p>Affects: 6.0.0-6.0.10</p>
 
     <p><strong>important: Information disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2090"
-       rel="nofollow">CVE-2005-2090</a></p>
+       <cve>CVE-2005-2090</cve></p>
 
     <p>Requests with multiple content-length headers should be rejected as
        invalid. When multiple components (firewalls, caches, proxies and Tomcat)
@@ -731,8 +648,7 @@
 
   <section name="Fixed in Apache Tomcat 6.0.10" rtext="released 28 Feb 2007">
     <p><strong>important: Directory traversal</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450"
-       rel="nofollow">CVE-2007-0450</a></p>
+       <cve>CVE-2007-0450</cve></p>
 
     <p>Tomcat permits '\', '%2F' and '%5C' as path delimiters. When Tomcat is used 
        behind a proxy (including, but not limited to, Apache HTTP server with 
@@ -764,8 +680,7 @@
 
   <section name="Fixed in Apache Tomcat 6.0.9" rtext="released 8 Feb 2007">
     <p><strong>moderate: Session hi-jacking</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0128"
-       rel="nofollow">CVE-2008-0128</a></p>
+       <cve>CVE-2008-0128</cve></p>
 
     <p>When using the SingleSignOn Valve via https the Cookie JSESSIONIDSSO is
        transmitted without the "secure" attribute, resulting in it being
@@ -777,8 +692,7 @@
 
   <section name="Fixed in Apache Tomcat 6.0.6"  rtext="released 18 Dec 2006">
     <p><strong>low: Cross-site scripting</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1358"
-       rel="nofollow">CVE-2007-1358</a></p>
+       <cve>CVE-2007-1358</cve></p>
 
     <p>Web pages that display the Accept-Language header value sent by the
        client are susceptible to a cross-site scripting attack if they assume
@@ -795,8 +709,7 @@
   <section name="Not a vulnerability in Tomcat">
 
     <p><strong>Important: Remote Denial Of Service</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476"
-       rel="nofollow">CVE-2010-4476</a></p>
+       <cve>CVE-2010-4476</cve></p>
 
     <p>A JVM bug could cause Double conversion to hang JVM when accessing to a
        form based security constrained page or any page that calls
@@ -806,8 +719,7 @@
     </p>
 
     <p>A work-around for this JVM bug was provided in 
-       <a href="http://svn.apache.org/viewvc?rev=1066315&amp;view=rev">
-       revision 1066315</a>.</p>
+       <revlink rev="1066315">revision 1066315</revlink>.</p>
 
     <p>This was first reported to the Tomcat security team on 01 Feb 2011 and
        made public on 31 Jan 2011.</p>
@@ -815,8 +727,7 @@
     <p>Affects: 6.0.0-6.0.31</p>
 
     <p><strong>moderate: TLS SSL Man In The Middle</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555"
-       rel="nofollow">CVE-2009-3555</a></p>
+       <cve>CVE-2009-3555</cve></p>
 
     <p>A vulnerability exists in the TLS protocol that allows an attacker to
        inject arbitrary requests into an TLS stream during renegotiation.</p>
@@ -844,15 +755,13 @@
        application.</p>
 
     <p>A workaround was implemented in
-       <a href="http://svn.apache.org/viewvc?rev=881774&amp;view=rev">
-       revision 881774</a> and 
-       <a href="http://svn.apache.org/viewvc?rev=891292&amp;view=rev">
-       revision 891292</a> that provided the new allowUnsafeLegacyRenegotiation
+       <revlink rev="881774">revision 881774</revlink> and 
+       <revlink rev="891292">revision 891292</revlink>
+       that provided the new <code>allowUnsafeLegacyRenegotiation</code>
        attribute. This work around is included in Tomcat 6.0.21 onwards.</p>
        
     <p><strong>important: Directory traversal</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938"
-       rel="nofollow">CVE-2008-2938</a></p>
+       <cve>CVE-2008-2938</cve></p>
 
     <p>Originally reported as a Tomcat vulnerability the root cause of this
        issue is that the JVM does not correctly decode UTF-8 encoded URLs to
@@ -876,8 +785,8 @@
        status of this issue for your JVM, contact your JVM vendor.</p>
        
     <p>A workaround was implemented in
-       <a href="http://svn.apache.org/viewvc?rev=678137&amp;view=rev">
-       revision 678137</a> that protects against this and any similar character
+       <revlink rev="678137">revision 678137</revlink>
+       that protects against this and any similar character
        encoding issues that may still exist in the JVM. This work around is
        included in Tomcat 6.0.18 onwards.</p>
   



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message