tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Mitigating AJP CPing/Forward-Request packet forgery before next releases
Date Thu, 08 Sep 2011 20:22:56 GMT
Mark,

On 9/8/2011 11:47 AM, Mark Thomas wrote:
> On 08/09/2011 16:13, Christopher Schultz wrote:
>> Should we mention this on the Security page directly for those who 
>> didn't read the announcement on the users' list?
> 
> No reason why not. Go for it.

Also, security-5.html says that Tomcat 5.0.0 - 5.0.33 are affected. It
should probably be 5.5.0-5.5.30, right?

-chris


Mime
View raw message