tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kkoli...@apache.org
Subject svn commit: r1213104 - in /tomcat/site/trunk: docs/security-6.html xdocs/security-6.xml
Date Sun, 11 Dec 2011 23:25:27 GMT
Author: kkolinko
Date: Sun Dec 11 23:25:27 2011
New Revision: 1213104

URL: http://svn.apache.org/viewvc?rev=1213104&view=rev
Log:
Update status for security issues, 'cause 6.0.35 has been released.

Modified:
    tomcat/site/trunk/docs/security-6.html
    tomcat/site/trunk/xdocs/security-6.xml

Modified: tomcat/site/trunk/docs/security-6.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-6.html?rev=1213104&r1=1213103&r2=1213104&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-6.html (original)
+++ tomcat/site/trunk/docs/security-6.html Sun Dec 11 23:25:27 2011
@@ -195,7 +195,7 @@
 <a href="#Apache_Tomcat_6.x_vulnerabilities">Apache Tomcat 6.x vulnerabilities</a>
 </li>
 <li>
-<a href="#Fixed_in_Apache_Tomcat_6.0.34_(not_yet_released)">Fixed in Apache Tomcat
6.0.34 (not yet released)</a>
+<a href="#Fixed_in_Apache_Tomcat_6.0.35">Fixed in Apache Tomcat 6.0.35</a>
 </li>
 <li>
 <a href="#Fixed_in_Apache_Tomcat_6.0.33">Fixed in Apache Tomcat 6.0.33</a>
@@ -313,16 +313,25 @@
 </table>
 <table border="0" cellspacing="0" cellpadding="2" width="100%">
 <tr>
-<td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica,sanserif"><a
name="Fixed in Apache Tomcat 6.0.34 (not yet released)">
-<!--()--></a><a name="Fixed_in_Apache_Tomcat_6.0.34_(not_yet_released)"><strong>Fixed
in Apache Tomcat 6.0.34 (not yet released)</strong></a></font></td>
+<td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica,sanserif"><a
name="Fixed in Apache Tomcat 6.0.35">
+<!--()--></a><a name="Fixed_in_Apache_Tomcat_6.0.35"><strong>Fixed
in Apache Tomcat 6.0.35</strong></a></font></td><td align="right"
bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>released
5 Dec 2011</strong></font></td>
 </tr>
 <tr>
-<td>
+<td colspan="2">
 <p>
 <blockquote>
 
     
 <p>
+<strong>Note:</strong> <i>The issue below was fixed in Apache Tomcat 6.0.34
but the
+       release vote for the 6.0.34 release candidate did not pass. Therefore,
+       although users must download 6.0.35 to obtain a version that includes a
+       fix for this issue, version 6.0.34 is not included in the list of
+       affected versions.</i>
+</p>
+
+    
+<p>
 <strong>Important: Authentication bypass and information disclosure
        </strong>
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3190" rel="nofollow">CVE-2011-3190</a>
@@ -366,7 +375,7 @@
     
 <ul>
       
-<li>Upgrade to Tomcat 6.0.34.</li>
+<li>Upgrade to Tomcat 6.0.35.</li>
       
 <li>Apply the appropriate <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1162959">patch</a>.</li>
       
@@ -591,7 +600,7 @@
 
     
 <p>
-<i>Note: The issue below was fixed in Apache Tomcat 6.0.31 but the
+<strong>Note:</strong> <i>The issue below was fixed in Apache Tomcat 6.0.31
but the
        release vote for the 6.0.31 release candidate did not pass. Therefore,
        although users must download 6.0.32 to obtain a version that includes a
        fix for this issue, version 6.0.31 is not included in the list of
@@ -762,7 +771,7 @@
 
     
 <p>
-<i>Note: The issue below was fixed in Apache Tomcat 6.0.27 but the
+<strong>Note:</strong> <i>The issue below was fixed in Apache Tomcat 6.0.27
but the
        release vote for the 6.0.27 release candidate did not pass. Therefore,
        although users must download 6.0.28 to obtain a version that includes a
        fix for this issue, version 6.0.27 is not included in the list of
@@ -818,7 +827,7 @@
 <blockquote>
       
 <p>
-<i>Note: These issues were fixed in Apache Tomcat 6.0.21 but the
+<strong>Note:</strong> <i>These issues were fixed in Apache Tomcat 6.0.21
but the
          release votes for the 6.0.21, 6.0.22 and 6.0.23 release candidates did
          not pass. Therefore, although users must download 6.0.24 to obtain a
          version that includes fixes for these issues, versions 6.0.21 onwards
@@ -940,7 +949,7 @@
 <blockquote>
     
 <p>
-<i>Note: These issues were fixed in Apache Tomcat 6.0.19 but the release
+<strong>Note:</strong> <i>These issues were fixed in Apache Tomcat 6.0.19
but the release
        vote for that release candidate did not pass. Therefore, although users
        must download 6.0.20 to obtain a version that includes fixes for these
        issues, 6.0.19 is not included in the list of affected versions.</i>
@@ -1083,7 +1092,7 @@
 <blockquote>
     
 <p>
-<i>Note: These issues were fixed in Apache Tomcat 6.0.17 but the release
+<strong>Note:</strong> <i>These issues were fixed in Apache Tomcat 6.0.17
but the release
        vote for that release candidate did not pass. Therefore, although users
        must download 6.0.18 to obtain a version that includes fixes for these
        issues, 6.0.17 is not included in the list of affected versions.</i>

Modified: tomcat/site/trunk/xdocs/security-6.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-6.xml?rev=1213104&r1=1213103&r2=1213104&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-6.xml (original)
+++ tomcat/site/trunk/xdocs/security-6.xml Sun Dec 11 23:25:27 2011
@@ -49,7 +49,13 @@
   </section>
 
   
-  <section name="Fixed in Apache Tomcat 6.0.34 (not yet released)">
+  <section name="Fixed in Apache Tomcat 6.0.35" rtext="released 5 Dec 2011">
+
+    <p><strong>Note:</strong> <i>The issue below was fixed in Apache
Tomcat 6.0.34 but the
+       release vote for the 6.0.34 release candidate did not pass. Therefore,
+       although users must download 6.0.35 to obtain a version that includes a
+       fix for this issue, version 6.0.34 is not included in the list of
+       affected versions.</i></p>
 
     <p><strong>Important: Authentication bypass and information disclosure
        </strong>
@@ -81,7 +87,7 @@
   
     <p>Mitigation options:</p>  
     <ul>
-      <li>Upgrade to Tomcat 6.0.34.</li>
+      <li>Upgrade to Tomcat 6.0.35.</li>
       <li>Apply the appropriate <revlink rev="1162959">patch</revlink>.</li>
       <li>Configure both Tomcat and the reverse proxy to use a shared secret.<br
/>
         (It is "<code>request.secret</code>" attribute in AJP &lt;Connector&gt;,
@@ -210,7 +216,7 @@
 
   <section name="Fixed in Apache Tomcat 6.0.32" rtext="released 03 Feb 2011">
 
-    <p><i>Note: The issue below was fixed in Apache Tomcat 6.0.31 but the
+    <p><strong>Note:</strong> <i>The issue below was fixed in Apache
Tomcat 6.0.31 but the
        release vote for the 6.0.31 release candidate did not pass. Therefore,
        although users must download 6.0.32 to obtain a version that includes a
        fix for this issue, version 6.0.31 is not included in the list of
@@ -309,7 +315,7 @@
 
     <p>Affects: 6.0.0-6.0.27</p>
 
-    <p><i>Note: The issue below was fixed in Apache Tomcat 6.0.27 but the
+    <p><strong>Note:</strong> <i>The issue below was fixed in Apache
Tomcat 6.0.27 but the
        release vote for the 6.0.27 release candidate did not pass. Therefore,
        although users must download 6.0.28 to obtain a version that includes a
        fix for this issue, version 6.0.27 is not included in the list of
@@ -338,7 +344,7 @@
   </section>
 
   <section name="Fixed in Apache Tomcat 6.0.24" rtext="released 21 Jan 2010">
-      <p><i>Note: These issues were fixed in Apache Tomcat 6.0.21 but the
+      <p><strong>Note:</strong> <i>These issues were fixed in Apache
Tomcat 6.0.21 but the
          release votes for the 6.0.21, 6.0.22 and 6.0.23 release candidates did
          not pass. Therefore, although users must download 6.0.24 to obtain a
          version that includes fixes for these issues, versions 6.0.21 onwards
@@ -412,7 +418,7 @@
   </section>
 
   <section name="Fixed in Apache Tomcat 6.0.20" rtext="released 3 Jun 2009">
-    <p><i>Note: These issues were fixed in Apache Tomcat 6.0.19 but the release
+    <p><strong>Note:</strong> <i>These issues were fixed in Apache
Tomcat 6.0.19 but the release
        vote for that release candidate did not pass. Therefore, although users
        must download 6.0.20 to obtain a version that includes fixes for these
        issues, 6.0.19 is not included in the list of affected versions.</i></p>
@@ -500,7 +506,7 @@
   </section>
   
   <section name="Fixed in Apache Tomcat 6.0.18" rtext="released 31 Jul 2008">
-    <p><i>Note: These issues were fixed in Apache Tomcat 6.0.17 but the release
+    <p><strong>Note:</strong> <i>These issues were fixed in Apache
Tomcat 6.0.17 but the release
        vote for that release candidate did not pass. Therefore, although users
        must download 6.0.18 to obtain a version that includes fixes for these
        issues, 6.0.17 is not included in the list of affected versions.</i></p>



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message