Return-Path:
X-Original-To: apmail-tomcat-dev-archive@www.apache.org
Delivered-To: apmail-tomcat-dev-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
by minotaur.apache.org (Postfix) with SMTP id 0A09092F6
for ;
Sun, 25 Sep 2011 16:11:23 +0000 (UTC)
Received: (qmail 82919 invoked by uid 500); 25 Sep 2011 16:11:22 -0000
Delivered-To: apmail-tomcat-dev-archive@tomcat.apache.org
Received: (qmail 82839 invoked by uid 500); 25 Sep 2011 16:11:22 -0000
Mailing-List: contact dev-help@tomcat.apache.org; run by ezmlm
Precedence: bulk
List-Help:
List-Unsubscribe:
List-Post:
List-Id:
Reply-To: "Tomcat Developers List"
Delivered-To: mailing list dev@tomcat.apache.org
Received: (qmail 82829 invoked by uid 99); 25 Sep 2011 16:11:22 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 25 Sep 2011 16:11:22 +0000
X-ASF-Spam-Status: No, hits=-2000.0 required=5.0
tests=ALL_TRUSTED
X-Spam-Check-By: apache.org
Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4)
by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 25 Sep 2011 16:11:20 +0000
Received: from eris.apache.org (localhost [127.0.0.1])
by eris.apache.org (Postfix) with ESMTP id 80F812388847
for ; Sun, 25 Sep 2011 16:11:00 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: svn commit: r1175421 - in /tomcat/site/trunk: docs/security-5.html
docs/security-6.html docs/security-7.html xdocs/security-5.xml
xdocs/security-6.xml xdocs/security-7.xml
Date: Sun, 25 Sep 2011 16:11:00 -0000
To: dev@tomcat.apache.org
From: kkolinko@apache.org
X-Mailer: svnmailer-1.0.8-patched
Message-Id: <20110925161100.80F812388847@eris.apache.org>
Author: kkolinko
Date: Sun Sep 25 16:10:59 2011
New Revision: 1175421
URL: http://svn.apache.org/viewvc?rev=1175421&view=rev
Log:
Mention when support for RFC 5746 was added.
As far as I am reading Tomcat-Navive changelog,
it does not have implementation for this new renegotiation protocol.
Modified:
tomcat/site/trunk/docs/security-5.html
tomcat/site/trunk/docs/security-6.html
tomcat/site/trunk/docs/security-7.html
tomcat/site/trunk/xdocs/security-5.xml
tomcat/site/trunk/xdocs/security-6.xml
tomcat/site/trunk/xdocs/security-7.xml
Modified: tomcat/site/trunk/docs/security-5.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-5.html?rev=1175421&r1=1175420&r2=1175421&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-5.html (original)
+++ tomcat/site/trunk/docs/security-5.html Sun Sep 25 16:10:59 2011
@@ -1745,6 +1745,22 @@
that provided the new allowUnsafeLegacyRenegotiation
attribute. This work around is included in Tomcat 5.5.29 onwards.
+ Support for the new TLS renegotiation protocol (RFC 5746) that does not
+ have this security issue:
+
+
+ - For connectors using JSSE implementation provided by JVM:
+ Added in Tomcat 5.5.33.
+ Requires JRE that supports RFC 5746. For Oracle JRE that is
+ known
+ to be 6u22 or later.
+
+ - For connectors using APR and OpenSSL:
+ Not implemented. See
+ APR/native connector security page.
+
+
+
important: Directory traversal
CVE-2008-2938
Modified: tomcat/site/trunk/docs/security-6.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-6.html?rev=1175421&r1=1175420&r2=1175421&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-6.html (original)
+++ tomcat/site/trunk/docs/security-6.html Sun Sep 25 16:10:59 2011
@@ -1547,7 +1547,23 @@
revision 891292
that provided the new allowUnsafeLegacyRenegotiation
attribute. This work around is included in Tomcat 6.0.21 onwards.
-
+
+ Support for the new TLS renegotiation protocol (RFC 5746) that does not
+ have this security issue:
+
+
+ - For connectors using JSSE implementation provided by JVM:
+ Added in Tomcat 6.0.32.
+ Requires JRE that supports RFC 5746. For Oracle JRE that is
+ known
+ to be 6u22 or later.
+
+ - For connectors using APR and OpenSSL:
+ Not implemented. See
+ APR/native connector security page.
+
+
+
important: Directory traversal
CVE-2008-2938
Modified: tomcat/site/trunk/docs/security-7.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-7.html?rev=1175421&r1=1175420&r2=1175421&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-7.html (original)
+++ tomcat/site/trunk/docs/security-7.html Sun Sep 25 16:10:59 2011
@@ -1091,6 +1091,22 @@
This was worked-around in
revision 891292.
+ Support for the new TLS renegotiation protocol (RFC 5746) that does not
+ have this security issue:
+
+
+ - For connectors using JSSE implementation provided by JVM:
+ Added in Tomcat 7.0.8.
+ Requires JRE that supports RFC 5746. For Oracle JRE that is
+ known
+ to be 6u22 or later.
+
+ - For connectors using APR and OpenSSL:
+ Not implemented. See
+ APR/native connector security page.
+
+
+
Modified: tomcat/site/trunk/xdocs/security-5.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-5.xml?rev=1175421&r1=1175420&r2=1175421&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-5.xml (original)
+++ tomcat/site/trunk/xdocs/security-5.xml Sun Sep 25 16:10:59 2011
@@ -814,6 +814,23 @@
that provided the new allowUnsafeLegacyRenegotiation
attribute. This work around is included in Tomcat 5.5.29 onwards.
+ Support for the new TLS renegotiation protocol (RFC 5746) that does not
+ have this security issue:
+
+
+ - For connectors using JSSE implementation provided by JVM:
+ Added in Tomcat 5.5.33.
+ Requires JRE that supports RFC 5746. For Oracle JRE that is
+ known
+ to be 6u22 or later.
+
+ - For connectors using APR and OpenSSL:
+ Not implemented. See
+ APR/native connector security page.
+
+
+
important: Directory traversal
CVE-2008-2938
Modified: tomcat/site/trunk/xdocs/security-6.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-6.xml?rev=1175421&r1=1175420&r2=1175421&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-6.xml (original)
+++ tomcat/site/trunk/xdocs/security-6.xml Sun Sep 25 16:10:59 2011
@@ -760,7 +760,24 @@
revision 891292
that provided the new allowUnsafeLegacyRenegotiation
attribute. This work around is included in Tomcat 6.0.21 onwards.
-
+
+ Support for the new TLS renegotiation protocol (RFC 5746) that does not
+ have this security issue:
+
+
+ - For connectors using JSSE implementation provided by JVM:
+ Added in Tomcat 6.0.32.
+ Requires JRE that supports RFC 5746. For Oracle JRE that is
+ known
+ to be 6u22 or later.
+
+ - For connectors using APR and OpenSSL:
+ Not implemented. See
+ APR/native connector security page.
+
+
+
important: Directory traversal
CVE-2008-2938
Modified: tomcat/site/trunk/xdocs/security-7.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-7.xml?rev=1175421&r1=1175420&r2=1175421&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-7.xml (original)
+++ tomcat/site/trunk/xdocs/security-7.xml Sun Sep 25 16:10:59 2011
@@ -437,6 +437,23 @@
This was worked-around in
revision 891292.
+ Support for the new TLS renegotiation protocol (RFC 5746) that does not
+ have this security issue:
+
+
+ - For connectors using JSSE implementation provided by JVM:
+ Added in Tomcat 7.0.8.
+ Requires JRE that supports RFC 5746. For Oracle JRE that is
+ known
+ to be 6u22 or later.
+
+ - For connectors using APR and OpenSSL:
+ Not implemented. See
+ APR/native connector security page.
+
+
+