tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ma...@apache.org
Subject svn commit: r1480932 [2/2] - in /tomcat/site/trunk: ./ docs/ xdocs/
Date Fri, 10 May 2013 08:37:36 GMT
Modified: tomcat/site/trunk/xdocs/download-70.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/download-70.xml?rev=1480932&r1=1480931&r2=1480932&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/download-70.xml (original)
+++ tomcat/site/trunk/xdocs/download-70.xml Fri May 10 08:37:35 2013
@@ -15,8 +15,8 @@
       <!-- Begin quick navigation section -->
       <section name="Quick Navigation">
         <a href="http://www.apache.org/dist/tomcat/tomcat-7/KEYS">KEYS</a> |
-        <a href="#7.0.39">7.0.39</a> |
-        <a href="[preferred]tomcat/tomcat-7/v7.0.39" rel="nofollow">Browse</a> |
+        <a href="#7.0.40">7.0.40</a> |
+        <a href="[preferred]tomcat/tomcat-7/v7.0.40" rel="nofollow">Browse</a> |
         <a href="http://archive.apache.org/dist/tomcat/tomcat-7">Archives</a>
       </section>
       <!-- End quick navigation section -->
@@ -58,11 +58,11 @@
   </section>
   <!-- End mirrors section -->
 
-      <!-- Begin 7.0.39 section -->
-      <section name="7.0.39">
+      <!-- Begin 7.0.40 section -->
+      <section name="7.0.40">
       <p>
-      <a name="7.0.39">Please</a> see the 
-      <a href="[preferred]tomcat/tomcat-7/v7.0.39/README.html" rel="nofollow">README</a>
+      <a name="7.0.40">Please</a> see the 
+      <a href="[preferred]tomcat/tomcat-7/v7.0.40/README.html" rel="nofollow">README</a>
       file for packaging information.  It explains what every distribution contains.
       </p>
 
@@ -71,121 +71,121 @@
         <li>Core:
           <ul>
           <li>
-            <a href="[preferred]tomcat/tomcat-7/v7.0.39/bin/apache-tomcat-7.0.39.zip" rel="nofollow">zip</a> 
-            (<a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.39/bin/apache-tomcat-7.0.39.zip.asc">pgp</a>, 
-            <a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.39/bin/apache-tomcat-7.0.39.zip.md5">md5</a>)
+            <a href="[preferred]tomcat/tomcat-7/v7.0.40/bin/apache-tomcat-7.0.40.zip" rel="nofollow">zip</a> 
+            (<a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.40/bin/apache-tomcat-7.0.40.zip.asc">pgp</a>, 
+            <a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.40/bin/apache-tomcat-7.0.40.zip.md5">md5</a>)
           </li>
           <li>
-            <a href="[preferred]tomcat/tomcat-7/v7.0.39/bin/apache-tomcat-7.0.39.tar.gz" rel="nofollow">tar.gz</a> 
-            (<a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.39/bin/apache-tomcat-7.0.39.tar.gz.asc">pgp</a>, 
-            <a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.39/bin/apache-tomcat-7.0.39.tar.gz.md5">md5</a>)
+            <a href="[preferred]tomcat/tomcat-7/v7.0.40/bin/apache-tomcat-7.0.40.tar.gz" rel="nofollow">tar.gz</a> 
+            (<a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.40/bin/apache-tomcat-7.0.40.tar.gz.asc">pgp</a>, 
+            <a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.40/bin/apache-tomcat-7.0.40.tar.gz.md5">md5</a>)
           </li>
           <li>
-            <a href="[preferred]tomcat/tomcat-7/v7.0.39/bin/apache-tomcat-7.0.39-windows-x86.zip" rel="nofollow">32-bit Windows zip</a> 
-            (<a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.39/bin/apache-tomcat-7.0.39-windows-x86.zip.asc">pgp</a>, 
-            <a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.39/bin/apache-tomcat-7.0.39-windows-x86.zip.md5">md5</a>)
+            <a href="[preferred]tomcat/tomcat-7/v7.0.40/bin/apache-tomcat-7.0.40-windows-x86.zip" rel="nofollow">32-bit Windows zip</a> 
+            (<a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.40/bin/apache-tomcat-7.0.40-windows-x86.zip.asc">pgp</a>, 
+            <a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.40/bin/apache-tomcat-7.0.40-windows-x86.zip.md5">md5</a>)
           </li>
           <li>
-            <a href="[preferred]tomcat/tomcat-7/v7.0.39/bin/apache-tomcat-7.0.39-windows-x64.zip" rel="nofollow">64-bit Windows zip</a> 
-            (<a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.39/bin/apache-tomcat-7.0.39-windows-x64.zip.asc">pgp</a>, 
-            <a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.39/bin/apache-tomcat-7.0.39-windows-x64.zip.md5">md5</a>)
+            <a href="[preferred]tomcat/tomcat-7/v7.0.40/bin/apache-tomcat-7.0.40-windows-x64.zip" rel="nofollow">64-bit Windows zip</a> 
+            (<a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.40/bin/apache-tomcat-7.0.40-windows-x64.zip.asc">pgp</a>, 
+            <a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.40/bin/apache-tomcat-7.0.40-windows-x64.zip.md5">md5</a>)
           </li>
           <li>
-            <a href="[preferred]tomcat/tomcat-7/v7.0.39/bin/apache-tomcat-7.0.39-windows-i64.zip" rel="nofollow">64-bit Itanium Windows zip</a> 
-            (<a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.39/bin/apache-tomcat-7.0.39-windows-i64.zip.asc">pgp</a>, 
-            <a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.39/bin/apache-tomcat-7.0.39-windows-i64.zip.md5">md5</a>)
+            <a href="[preferred]tomcat/tomcat-7/v7.0.40/bin/apache-tomcat-7.0.40-windows-i64.zip" rel="nofollow">64-bit Itanium Windows zip</a> 
+            (<a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.40/bin/apache-tomcat-7.0.40-windows-i64.zip.asc">pgp</a>, 
+            <a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.40/bin/apache-tomcat-7.0.40-windows-i64.zip.md5">md5</a>)
           </li>
           <li>
-            <a href="[preferred]tomcat/tomcat-7/v7.0.39/bin/apache-tomcat-7.0.39.exe" rel="nofollow">32-bit/64-bit Windows Service Installer</a> 
-            (<a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.39/bin/apache-tomcat-7.0.39.exe.asc">pgp</a>, 
-            <a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.39/bin/apache-tomcat-7.0.39.exe.md5">md5</a>)
+            <a href="[preferred]tomcat/tomcat-7/v7.0.40/bin/apache-tomcat-7.0.40.exe" rel="nofollow">32-bit/64-bit Windows Service Installer</a> 
+            (<a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.40/bin/apache-tomcat-7.0.40.exe.asc">pgp</a>, 
+            <a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.40/bin/apache-tomcat-7.0.40.exe.md5">md5</a>)
           </li>
           </ul>
         </li>
         <li>Full documentation:
           <ul>
           <li>
-            <a href="[preferred]tomcat/tomcat-7/v7.0.39/bin/apache-tomcat-7.0.39-fulldocs.tar.gz" rel="nofollow">tar.gz</a> 
-            (<a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.39/bin/apache-tomcat-7.0.39-fulldocs.tar.gz.asc">pgp</a>, 
-            <a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.39/bin/apache-tomcat-7.0.39-fulldocs.tar.gz.md5">md5</a>)
+            <a href="[preferred]tomcat/tomcat-7/v7.0.40/bin/apache-tomcat-7.0.40-fulldocs.tar.gz" rel="nofollow">tar.gz</a> 
+            (<a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.40/bin/apache-tomcat-7.0.40-fulldocs.tar.gz.asc">pgp</a>, 
+            <a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.40/bin/apache-tomcat-7.0.40-fulldocs.tar.gz.md5">md5</a>)
           </li>
           </ul>
         </li>
         <li>Deployer:
           <ul>
           <li>
-            <a href="[preferred]tomcat/tomcat-7/v7.0.39/bin/apache-tomcat-7.0.39-deployer.zip" rel="nofollow">zip</a> 
-            (<a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.39/bin/apache-tomcat-7.0.39-deployer.zip.asc">pgp</a>,  
-            <a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.39/bin/apache-tomcat-7.0.39-deployer.zip.md5">md5</a>)
+            <a href="[preferred]tomcat/tomcat-7/v7.0.40/bin/apache-tomcat-7.0.40-deployer.zip" rel="nofollow">zip</a> 
+            (<a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.40/bin/apache-tomcat-7.0.40-deployer.zip.asc">pgp</a>,  
+            <a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.40/bin/apache-tomcat-7.0.40-deployer.zip.md5">md5</a>)
           </li>
           <li>
-            <a href="[preferred]tomcat/tomcat-7/v7.0.39/bin/apache-tomcat-7.0.39-deployer.tar.gz" rel="nofollow">tar.gz</a> 
-            (<a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.39/bin/apache-tomcat-7.0.39-deployer.tar.gz.asc">pgp</a>, 
-            <a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.39/bin/apache-tomcat-7.0.39-deployer.tar.gz.md5">md5</a>)
+            <a href="[preferred]tomcat/tomcat-7/v7.0.40/bin/apache-tomcat-7.0.40-deployer.tar.gz" rel="nofollow">tar.gz</a> 
+            (<a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.40/bin/apache-tomcat-7.0.40-deployer.tar.gz.asc">pgp</a>, 
+            <a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.40/bin/apache-tomcat-7.0.40-deployer.tar.gz.md5">md5</a>)
           </li>
           </ul>
         </li>
         <li>Extras:
           <ul>
           <li>
-            <a href="[preferred]tomcat/tomcat-7/v7.0.39/bin/extras/catalina-jmx-remote.jar" rel="nofollow">JMX Remote jar</a> 
-            (<a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.39/bin/extras/catalina-jmx-remote.jar.asc">pgp</a>, 
-            <a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.39/bin/extras/catalina-jmx-remote.jar.md5">md5</a>)
+            <a href="[preferred]tomcat/tomcat-7/v7.0.40/bin/extras/catalina-jmx-remote.jar" rel="nofollow">JMX Remote jar</a> 
+            (<a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.40/bin/extras/catalina-jmx-remote.jar.asc">pgp</a>, 
+            <a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.40/bin/extras/catalina-jmx-remote.jar.md5">md5</a>)
           </li>
           <li>
-            <a href="[preferred]tomcat/tomcat-7/v7.0.39/bin/extras/catalina-ws.jar" rel="nofollow">Web services jar</a> 
-            (<a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.39/bin/extras/catalina-ws.jar.asc">pgp</a>, 
-            <a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.39/bin/extras/catalina-ws.jar.md5">md5</a>)
+            <a href="[preferred]tomcat/tomcat-7/v7.0.40/bin/extras/catalina-ws.jar" rel="nofollow">Web services jar</a> 
+            (<a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.40/bin/extras/catalina-ws.jar.asc">pgp</a>, 
+            <a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.40/bin/extras/catalina-ws.jar.md5">md5</a>)
           </li>
           <li>
-            <a href="[preferred]tomcat/tomcat-7/v7.0.39/bin/extras/tomcat-juli-adapters.jar" rel="nofollow">JULI adapters jar</a> 
-            (<a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.39/bin/extras/tomcat-juli-adapters.jar.asc">pgp</a>, 
-            <a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.39/bin/extras/tomcat-juli-adapters.jar.md5">md5</a>)
+            <a href="[preferred]tomcat/tomcat-7/v7.0.40/bin/extras/tomcat-juli-adapters.jar" rel="nofollow">JULI adapters jar</a> 
+            (<a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.40/bin/extras/tomcat-juli-adapters.jar.asc">pgp</a>, 
+            <a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.40/bin/extras/tomcat-juli-adapters.jar.md5">md5</a>)
           </li>
           <li>
-            <a href="[preferred]tomcat/tomcat-7/v7.0.39/bin/extras/tomcat-juli.jar" rel="nofollow">JULI log4j jar</a> 
-            (<a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.39/bin/extras/tomcat-juli.jar.asc">pgp</a>, 
-            <a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.39/bin/extras/tomcat-juli.jar.md5">md5</a>)
+            <a href="[preferred]tomcat/tomcat-7/v7.0.40/bin/extras/tomcat-juli.jar" rel="nofollow">JULI log4j jar</a> 
+            (<a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.40/bin/extras/tomcat-juli.jar.asc">pgp</a>, 
+            <a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.40/bin/extras/tomcat-juli.jar.md5">md5</a>)
           </li>
           </ul>
         </li>
         <li>Embedded:
           <ul>
           <li>
-            <a href="[preferred]tomcat/tomcat-7/v7.0.39/bin/embed/apache-tomcat-7.0.39-embed.tar.gz" rel="nofollow">tar.gz</a> 
-            (<a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.39/bin/embed/apache-tomcat-7.0.39-embed.tar.gz.asc">pgp</a>, 
-            <a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.39/bin/embed/apache-tomcat-7.0.39-embed.tar.gz.md5">md5</a>)
+            <a href="[preferred]tomcat/tomcat-7/v7.0.40/bin/embed/apache-tomcat-7.0.40-embed.tar.gz" rel="nofollow">tar.gz</a> 
+            (<a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.40/bin/embed/apache-tomcat-7.0.40-embed.tar.gz.asc">pgp</a>, 
+            <a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.40/bin/embed/apache-tomcat-7.0.40-embed.tar.gz.md5">md5</a>)
           </li>
           <li>
-            <a href="[preferred]tomcat/tomcat-7/v7.0.39/bin/embed/apache-tomcat-7.0.39-embed.zip" rel="nofollow">zip</a> 
-            (<a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.39/bin/embed/apache-tomcat-7.0.39-embed.zip.asc">pgp</a>, 
-            <a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.39/bin/embed/apache-tomcat-7.0.39-embed.zip.md5">md5</a>)
+            <a href="[preferred]tomcat/tomcat-7/v7.0.40/bin/embed/apache-tomcat-7.0.40-embed.zip" rel="nofollow">zip</a> 
+            (<a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.40/bin/embed/apache-tomcat-7.0.40-embed.zip.asc">pgp</a>, 
+            <a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.40/bin/embed/apache-tomcat-7.0.40-embed.zip.md5">md5</a>)
           </li>
           </ul>
         </li>
       </ul>
       </subsection>
-      <!-- End of 7.0.39 binary section -->
+      <!-- End of 7.0.40 binary section -->
  
-      <!-- Begin 7.0.39 source section -->
+      <!-- Begin 7.0.40 source section -->
       <subsection name="Source Code Distributions">
       <ul>
         <li>
-          <a href="[preferred]tomcat/tomcat-7/v7.0.39/src/apache-tomcat-7.0.39-src.tar.gz" rel="nofollow">tar.gz</a> 
-          (<a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.39/src/apache-tomcat-7.0.39-src.tar.gz.asc">pgp</a>, 
-          <a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.39/src/apache-tomcat-7.0.39-src.tar.gz.md5">md5</a>)
+          <a href="[preferred]tomcat/tomcat-7/v7.0.40/src/apache-tomcat-7.0.40-src.tar.gz" rel="nofollow">tar.gz</a> 
+          (<a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.40/src/apache-tomcat-7.0.40-src.tar.gz.asc">pgp</a>, 
+          <a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.40/src/apache-tomcat-7.0.40-src.tar.gz.md5">md5</a>)
         </li>
         <li>
-          <a href="[preferred]tomcat/tomcat-7/v7.0.39/src/apache-tomcat-7.0.39-src.zip" rel="nofollow">zip</a> 
-          (<a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.39/src/apache-tomcat-7.0.39-src.zip.asc">pgp</a>, 
-          <a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.39/src/apache-tomcat-7.0.39-src.zip.md5">md5</a>)
+          <a href="[preferred]tomcat/tomcat-7/v7.0.40/src/apache-tomcat-7.0.40-src.zip" rel="nofollow">zip</a> 
+          (<a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.40/src/apache-tomcat-7.0.40-src.zip.asc">pgp</a>, 
+          <a href="http://www.apache.org/dist/tomcat/tomcat-7/v7.0.40/src/apache-tomcat-7.0.40-src.zip.md5">md5</a>)
         </li>
       </ul>
       </subsection>
-      <!-- End 7.0.39 source section -->
+      <!-- End 7.0.40 source section -->
 
     </section>
-    <!-- End 7.0.39 section -->
+    <!-- End 7.0.40 section -->
 
 </body>
 </document>

Modified: tomcat/site/trunk/xdocs/index.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/index.xml?rev=1480932&r1=1480931&r2=1480932&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/index.xml (original)
+++ tomcat/site/trunk/xdocs/index.xml Fri May 10 08:37:35 2013
@@ -37,6 +37,31 @@ project logo are trademarks of the Apach
 
 </section>
 
+<section name="Tomcat 7.0.40 Released" rtext="2013-05-09">
+<p>
+The Apache Tomcat Project is proud to announce the release of version 7.0.40 of
+Apache Tomcat. This release contains a security fix and a number of bug fixes
+and improvements compared to version 7.0.39. The notable changes include:
+<ul>
+<li>A fix for CVE-2013-2071 (bug <bug>54178</bug>) an information disclosure
+    issue.</li>
+<li>Various fixes to stop Tomcat attempting to parse text that looks like an EL
+    expression in a JSP document as an EL expression when EL expressions are
+    either not permitted or not enabled.</li>
+<li>Improved handling and reporting if a ConcurrentModificationException occurs
+    while checking for memory leaks when a web application is being stopped.
+    </li>
+</ul>
+Full details of these changes, and all the other changes, are available in the
+<a href="tomcat-7.0-doc/changelog.html">Tomcat 7 changelog</a>.
+</p>
+
+<p align="center">
+<a href="download-70.cgi">Download</a> |
+<a href="tomcat-7.0-doc/changelog.html">ChangeLog for 7.0.40</a>
+</p>
+</section>
+
 <section name="Tomcat 6.0.37 Released" rtext="2013-05-03">
 <p>
 The Apache Tomcat Project is proud to announce the release of version 6.0.37 of
@@ -50,44 +75,6 @@ Apache Tomcat. This release includes sec
 </p>
 </section>
 
-<section name="Tomcat 7.0.39 Released" rtext="2013-03-26">
-<p>
-The Apache Tomcat Project is proud to announce the release of version 7.0.39 of
-Apache Tomcat. This release contains a number of bug fixes and improvements
-compared to version 7.0.37. The notable changes include:
-<ul>
-<li>There have been multiple improvements in the bytes to/from characters
-    conversion process. The core conversion process has been refactored to use
-    the NIO APIs. This has resulted in a number of improvements including
-    invalid UTF-8 byte sequences at the end of a series of bytes now trigger a
-    conversion error rather than being silently swallowed. Errors detected in
-    request URIs will be replaced with the replacement character (allowing the
-    application to respond to the invalid URI as it wishes) and errors in
-    request bodies will trigger an IOException. The use of the JVM provided
-    UTF-8 decoder has been replaced by a better UTF-8 decoder derived from
-    Apache Harmony. This improved decoder has earlier detection of error
-    conditions and more closely follows the Unicode specification regarding the
-    use of replacement characters.</li>
-<li>The annotation scanning process now provides more information if the scan
-    fails due to broken class dependencies. There is now enough information to
-    identify the class(es) at fault. The JAR scanning process that supports
-    annotation scanning has also seen multiple improvements and fixes including
-    the exclusion by default of the Bootstrap class path from the scan.</li>
-<li>Upgraded a number of Tomcat&apos;s dependencies including Commons Daemon to
-    1.0.14, Commons IO to 2.4 and Commons FileUpload to r1458500. A new
-    dependency on Commons Codec was added to replace Tomcat's internal Base64
-    encoder/decoder.</li>
-</ul>
-Full details of these changes, and all the other changes, are available in the
-<a href="tomcat-7.0-doc/changelog.html">Tomcat 7 changelog</a>.
-</p>
-
-<p align="center">
-<a href="download-70.cgi">Download</a> |
-<a href="tomcat-7.0-doc/changelog.html">ChangeLog for 7.0.39</a>
-</p>
-</section>
-
 <section name="Tomcat Maven Plugin 2.1 Released" rtext="2013-02-25">
 <p>
 The Apache Tomcat team is pleased to

Modified: tomcat/site/trunk/xdocs/migration-7.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/migration-7.xml?rev=1480932&r1=1480931&r2=1480932&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/migration-7.xml (original)
+++ tomcat/site/trunk/xdocs/migration-7.xml Fri May 10 08:37:35 2013
@@ -484,7 +484,8 @@ of Apache Tomcat.</p>
           "7.0.34":"1416816",
           "7.0.35":"1431695",
           "7.0.37":"1445362",
-          "7.0.39":"1459741"
+          "7.0.39":"1459741",
+          "7.0.40":"1479250"
         };
         var formSubmit= document.getElementById('tc7Submit');
         var elementsSelect= document.getElementById('tc7Select').elements;
@@ -536,8 +537,9 @@ of Apache Tomcat.</p>
     <option value="7.0.33"></option>
     <option value="7.0.34">7.0.34</option>
     <option value="7.0.35">7.0.35</option>
-    <option value="7.0.37" selected="selected">7.0.37</option>
-    <option value="7.0.39">7.0.39</option>
+    <option value="7.0.37">7.0.37</option>
+    <option value="7.0.39" selected="selected">7.0.39</option>
+    <option value="7.0.40">7.0.40</option>
     </select>, new version:
     <select name="r2">
     <option value="7.0.0">7.0.0</option>
@@ -567,7 +569,8 @@ of Apache Tomcat.</p>
     <option value="7.0.34">7.0.34</option>
     <option value="7.0.35">7.0.35</option>
     <option value="7.0.37">7.0.37</option>
-    <option value="7.0.39" selected="selected">7.0.39</option>
+    <option value="7.0.39">7.0.39</option>
+    <option value="7.0.40" selected="selected">7.0.40</option>
     <option value="HEAD">trunk (unreleased)</option>
     </select>
     </p>

Added: tomcat/site/trunk/xdocs/oldnews-2012.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/oldnews-2012.xml?rev=1480932&view=auto
==============================================================================
--- tomcat/site/trunk/xdocs/oldnews-2012.xml (added)
+++ tomcat/site/trunk/xdocs/oldnews-2012.xml Fri May 10 08:37:35 2013
@@ -0,0 +1,399 @@
+<?xml version="1.0"?>
+<document>
+
+  <properties>
+    <author>Apache Tomcat Project</author>
+    <title>Old news! - 2012</title>
+  </properties>
+
+<body>
+
+<section name="Tomcat 7.0.34 Released" rtext="2012-12-12">
+<p>
+The Apache Tomcat Project is proud to announce the release of version 7.0.34 of
+Apache Tomcat. This release contains a small number of bug fixes and
+improvements compared to version 7.0.33. The notable changes include:
+<ul>
+<li>Improvements to the AccessLogValve to better handle non-standard DST changes
+    and to provide option for the current access log to have a standard name.
+    </li>
+<li>Fix various JMX registration and deregistration issues.</li>
+<li>Update the Eclipse JDT compiler to 4.2.1</li>
+</ul>
+Full details of these changes, and all the other changes, are available in the
+<a href="tomcat-7.0-doc/changelog.html#Tomcat_7.0.34_(markt)">Tomcat 7 changelog</a>.
+</p>
+
+<p align="center">
+<a href="download-70.cgi">Download</a> |
+<a href="tomcat-7.0-doc/changelog.html#Tomcat_7.0.34_(markt)">ChangeLog for 7.0.34</a>
+</p>
+</section>
+
+<section name="Tomcat 7.0.33 Released" rtext="2012-11-21">
+<p>
+The Apache Tomcat Project is proud to announce the release of version 7.0.33 of
+Apache Tomcat. This release contains a small number of bug fixes and
+improvements compared to version 7.0.32. The notable changes include:
+<ul>
+<li>A fix to the AccessLogValve to address a bug that caused some entries to be
+    made with incorrect time stamps.</li>
+<li>A re-written, smaller, faster HTTP header parser.</li>
+<li>Further performance improvements for Jasper, Tomcat&apos;s JSP engine.</li>
+</ul>
+Full details of these changes, and all the other changes, are available in the
+<a href="tomcat-7.0-doc/changelog.html#Tomcat_7.0.33_(markt)">Tomcat 7 changelog</a>.
+</p>
+
+<p align="center">
+<a href="download-70.cgi">Download</a> |
+<a href="tomcat-7.0-doc/changelog.html#Tomcat_7.0.33_(markt)">ChangeLog for 7.0.33</a>
+</p>
+</section>
+
+<section name="Tomcat 6.0.36 Released" rtext="2012-10-19">
+<p>
+The Apache Tomcat Project is proud to announce the release of version 6.0.36 of
+Apache Tomcat. This release includes security and bug fixes over Apache Tomcat
+6.0.35.
+
+</p>
+<p align="center">
+<a href="download-60.cgi">Download</a> |
+<a href="tomcat-6.0-doc/changelog.html#Tomcat_6.0.36_(jfclere)">ChangeLog for 6.0.36</a>
+</p>
+</section>
+
+<section name="Tomcat 5.5.36 Released" rtext="2012-10-10">
+<p>
+The Apache Tomcat Project is proud to announce the release of version 5.5.36 of
+Apache Tomcat. This release is primarily a bug fix release.
+</p>
+<p><strong>Note:</strong> As per the previous<a href="tomcat-55-eol.html">
+end of life announcement</a> this will almost certainly be the final Apache
+Tomcat 5.5.x release. Users of the 5.5.x series are strongly encouraged to
+upgrade to at least 6.0.x and ideally 7.0.x.
+</p>
+<p align="center">
+<a href="download-55.cgi">Download</a> |
+<a href="tomcat-5.5-doc/changelog.html">ChangeLog for 5.5.36</a>
+</p>
+</section>
+
+<section name="Tomcat 7.0.32 Released" rtext="2012-10-09">
+<p>
+The Apache Tomcat Project is proud to announce the release of version 7.0.32 of
+Apache Tomcat. This release contains a small number of bug fixes and
+improvements compared to version 7.0.30. The notable changes include:
+<ul>
+<li>A new option to automatically remove old, unused versions (ones where there
+    are no longer any active sessions) of applications deployed using parallel
+    deployment.</li>
+<li>Faster parsing of JSPs.</li>
+<li>Make the members and deployer associated with a cluster visible via JMX.
+    </li>
+</ul>
+Full details of these changes, and all the other changes, are available in the
+<a href="tomcat-7.0-doc/changelog.html#Tomcat_7.0.32_(markt)">Tomcat 7 changelog</a>.
+</p>
+
+<p align="center">
+<a href="download-70.cgi">Download</a> |
+<a href="tomcat-7.0-doc/changelog.html#Tomcat_7.0.32_(markt)">ChangeLog for 7.0.32</a>
+</p>
+</section>
+
+<section name="Tomcat Maven Plugin 2.0 Released" rtext="2012-09-14">
+<p>
+The Apache Tomcat team is pleased to
+<a href="http://mail-archives.apache.org/mod_mbox/tomcat-announce/201209.mbox/%3CCAPoyBqRLPukj%3D8d0XQOgV_%2BewB31-s6SOG6%3D8m3gDcYLo-%2BOpA%40mail.gmail.com%3E">announce</a>
+the release of Tomcat Maven Plugin 2.0.
+</p>
+<p>
+The <a href="maven-plugin.html">Apache Tomcat Maven Plugin</a> provides goals
+to manipulate WAR projects within the Apache Tomcat servlet container.
+</p>
+<p>
+The binaries are available from Maven repositories. You should specify the
+version in your project's plugin configuration:
+</p>
+<source><![CDATA[
+  <plugin>
+    <groupId>org.apache.tomcat.maven</groupId>
+    <artifactId>tomcat6-maven-plugin</artifactId>
+    <version>2.0</version>
+  </plugin>
+]]></source>
+or
+<source><![CDATA[
+  <plugin>
+    <groupId>org.apache.tomcat.maven</groupId>
+    <artifactId>tomcat7-maven-plugin</artifactId>
+    <version>2.0</version>
+  </plugin>
+]]></source>
+</section>
+
+<section name="Tomcat 7.0.30 Released" rtext="2012-09-06">
+<p>
+The Apache Tomcat Project is proud to announce the release of version 7.0.30 of
+Apache Tomcat. This release contains numerous bug fixes and improvements
+compared to version 7.0.29. The notable changes include:
+<ul>
+<li>Significantly reduced memory footprint during web application start while
+    Servlet 3.0 annotation and SCI scanning is in progress.</li>
+<li>Adds support for scanning of classes that use Java 7 specific byte code for
+    Servlet 3.0 annotation and SCI scanning.</li>
+<li>Improvements to DIGEST and FORM authentication.</li>
+</ul>
+Full details of these changes, and all the other changes, are available in the
+<a href="tomcat-7.0-doc/changelog.html#Tomcat_7.0.30_(markt)">Tomcat 7 changelog</a>.
+</p>
+
+<p align="center">
+<a href="download-70.cgi">Download</a> |
+<a href="tomcat-7.0-doc/changelog.html#Tomcat_7.0.30_(markt)">ChangeLog for 7.0.30</a>
+</p>
+</section>
+
+<section name="Tomcat 7.0.29 Released" rtext="2012-07-08">
+<p>
+The Apache Tomcat Project is proud to announce the release of version 7.0.29 of
+Apache Tomcat. This release corrects a small number of regressions introduced in
+the 7.0.28 release and takes account of several recent clarifications from the
+Servlet Expert Group as well as containing a handful of bug fixes and small
+improvements compared to version 7.0.28. The notable changes include:
+<ul>
+<li>Add support for a default error page</li>
+<li>The servlet version defined in web.xml no longer determines if Tomcat scans
+    for annotations when the web application starts. This is now solely
+    controlled by metadata-complete element.</li>
+<li>On web application start, JARs are now always scanned for
+    ServletContainerInitializers regardless of the setting of
+    metadata-complete</li>
+</ul>
+Full details of these changes, and all the other changes, are available in the
+<a href="tomcat-7.0-doc/changelog.html#Tomcat_7.0.29_(markt)">Tomcat 7 changelog</a>.
+</p>
+
+<p align="center">
+<a href="download-70.cgi">Download</a> |
+<a href="tomcat-7.0-doc/changelog.html#Tomcat_7.0.29_(markt)">ChangeLog for 7.0.29</a>
+</p>
+</section>
+
+<section name="Tomcat 7.0.28 Released" rtext="2012-06-19">
+<p>
+The Apache Tomcat Project is proud to announce the release of version 7.0.28 of
+Apache Tomcat. This release is includes may improvements as well as a number of
+bug fixes compared to version 7.0.27. The notable changes include:
+<ul>
+<li>The minimum required APR/native library version required if the APR/native
+    connector is used is now 1.1.24.</li>
+<li>Various fixes and improvements to WebSocket support including the use of
+    infinite timeouts by default for WebSocket connections.</li>
+<li>Various fixes and improvements to annotation scanning.</li>
+</ul>
+Full details of these changes, and all the other changes, are available in the
+<a href="tomcat-7.0-doc/changelog.html#Tomcat_7.0.28_(markt)">Tomcat 7 changelog</a>.
+</p>
+
+<p align="center">
+<a href="download-70.cgi">Download</a> |
+<a href="tomcat-7.0-doc/changelog.html#Tomcat_7.0.28_(markt)">ChangeLog for 7.0.28</a>
+</p>
+</section>
+
+<section name="Tomcat Native 1.1.24 Released" rtext="2012-06-13">
+<p>
+The Apache Tomcat Project is proud to announce the release of version 1.1.24 of
+Tomcat Native.
+</p>
+<p align="center">
+<a href="download-native.cgi">Download</a> |
+<a href="native-doc/miscellaneous/changelog.html">ChangeLog for 1.1.24</a>
+</p>
+</section>
+
+<section name="Tomcat Connectors 1.2.36 Released" rtext="2012-05-14">
+<p>
+The Apache Tomcat Project is proud to announce the release of version 1.2.36 of
+Apache Tomcat Connectors.
+This version fixes few bugs found in 1.2.35 release.
+</p>
+<p align="center">
+<a href="download-connectors.cgi">Download</a> |
+<a href="connectors-doc/miscellaneous/changelog.html">ChangeLog for 1.2.36</a>
+</p>
+</section>
+
+<section name="Tomcat 7.0.27 Released" rtext="2012-04-05">
+<p>
+The Apache Tomcat Project is proud to announce the release of version 7.0.27 of
+Apache Tomcat. This release is includes significant new features as well as a
+number of bug fixes compared to version 7.0.26. The notable changes include:
+<ul>
+<li>Support for the WebSocket protocol (RFC6455). Both streaming and message
+    based APIs are provided and the implementation currently fully passes the
+    Autobahn test suite. Also included are several examples.</li>
+<li>A number of fixes to the HTTP NIO connector, particularly when using Comet.
+    </li>
+<li>Improve the memory leak prevention and detection code so that is works well
+    with JVMs from IBM.</li>
+</ul>
+Full details of these changes, and all the other changes, are available in the
+<a href="tomcat-7.0-doc/changelog.html">Tomcat 7 changelog</a>.
+</p>
+
+<p align="center">
+<a href="download-70.cgi">Download</a> |
+<a href="tomcat-7.0-doc/changelog.html#Tomcat_7.0.27_(markt)">ChangeLog for 7.0.27</a>
+</p>
+</section>
+
+<section name="Tomcat Connectors 1.2.35 Released" rtext="2012-03-24">
+<p>
+The Apache Tomcat Project is proud to announce the release of version 1.2.35 of
+Apache Tomcat Connectors.
+This version fixes few bugs found in 1.2.33 release.
+</p>
+<p><strong>Notice:</strong> Users of discontinued Apache HTTPD 1.3.x version will need to apply the
+<a href="http://svn.apache.org/viewvc/tomcat/jk/trunk/native/apache-1.3/mod_jk.c?r1=1302445&amp;r2=1305020">r1305020 patch</a>
+to be able to compile this version of mod_jk.</p>
+<p align="center">
+<a href="download-connectors.cgi">Download</a> |
+<a href="connectors-doc/miscellaneous/changelog.html">ChangeLog for 1.2.35</a>
+</p>
+</section>
+
+<section name="Tomcat Connectors 1.2.33 Released" rtext="2012-03-12">
+<p>
+The Apache Tomcat Project is proud to announce the release of version 1.2.33 of
+Apache Tomcat Connectors.
+This version is principally a bugfix release.
+</p>
+<p><strong>Warning:</strong> There are stability issues with the mod_jk 1.2.33
+release. If you have not yet upgraded to mod_jk 1.2.33 we recommend that you
+wait for the mod_jk 1.2.35 release. If you have
+upgraded and experienced issues we recommend that you downgrade to
+mod_jk 1.2.32 until mod_jk 1.2.35 is available.</p>
+
+<p><strong>Update:</strong> mod_jk 1.2.35 is available.</p>
+</section>
+
+<section name="Tomcat Native 1.1.23 Released" rtext="2012-03-02">
+<p>
+The Apache Tomcat Project is proud to announce the release of version 1.1.23 of Tomcat Native.
+This version is principally a bugfix release.
+</p>
+<p align="center">
+<a href="download-native.cgi">Download</a> |
+<a href="native-doc/miscellaneous/changelog.html">ChangeLog for 1.1.23</a>
+</p>
+</section>
+
+<section name="Tomcat 7.0.26 Released" rtext="2012-02-21">
+<p>
+The Apache Tomcat Project is proud to announce the release of version 7.0.26 of
+Apache Tomcat. This release is primarily a bug fix release and includes numerous
+bug fixes compared to version 7.0.25. The notable bug fixes include:
+<ul>
+<li>Improved <code>@HandlesTypes</code> processing which no longer loads all
+    classes on web application start.</li>
+<li>Ensure that POST bodies are available for reply after FORM authentication
+    when using the AJP connectors</li>
+<li>Corrected a regression that broke annotation scanning for many use cases
+    including web applications packaged as WARs and many embedded scenarios.
+    </li>
+</ul>
+Full details of these changes, and all the other changes, are available in the
+<a href="tomcat-7.0-doc/changelog.html#Tomcat_7.0.25_(markt)">Tomcat 7 changelog</a>.
+</p>
+
+<p align="center">
+<a href="download-70.cgi">Download</a> |
+<a href="tomcat-7.0-doc/changelog.html#Tomcat_7.0.26_(markt)">ChangeLog for 7.0.26</a>
+</p>
+</section>
+
+<section name="Tomcat Maven Plugin 2.0-beta-1 Released" rtext="2012-02-01">
+<p>
+The Apache Tomcat team is pleased to announce the release of Tomcat
+Maven Plugin 2.0-beta-1.
+</p>
+<p>
+The <a href="maven-plugin.html">Apache Tomcat Maven Plugin</a> provides goals
+to manipulate WAR projects within the Apache Tomcat servlet container.
+</p>
+<p>
+The binaries are available from Maven repositories. You should specify the
+version in your project's plugin configuration:
+</p>
+<source><![CDATA[
+  <plugin>
+    <groupId>org.apache.tomcat.maven</groupId>
+    <artifactId>tomcat6-maven-plugin</artifactId>
+    <version>2.0-beta-1</version>
+  </plugin>
+]]></source>
+or
+<source><![CDATA[
+  <plugin>
+    <groupId>org.apache.tomcat.maven</groupId>
+    <artifactId>tomcat7-maven-plugin</artifactId>
+    <version>2.0-beta-1</version>
+  </plugin>
+]]></source>
+</section>
+
+<section name="Tomcat 7.0.25 Released" rtext="2012-01-21">
+<p>
+The Apache Tomcat Project is proud to announce the release of version 7.0.25 of
+Apache Tomcat. This release includes numerous bug fixes and several new features
+compared to version 7.0.23. The notable new features include:
+<ul>
+<li>Align the Servlet 3.0 implementation with the changes defined in the first
+    maintenance release (also known as Rev. A.). See the
+    <a href="http://jcp.org/aboutJava/communityprocess/maintenance/jsr315/servlet3-mr-reva.html">JCP documentation</a>
+    for a detailed list of changes.</li>
+<li>Add support for connectors to automatically select a free port to bind to.
+    This is useful when embedding and for testing.</li>
+<li>Update to Commons Pool 1.5.7, Commons Daemon 1.0.8 and Eclipse JDT compiler
+    3.7.1.</li>
+</ul>
+Full details of these changes, and all the other changes, are available in the
+<a href="tomcat-7.0-doc/changelog.html#Tomcat_7.0.25_(markt)">Tomcat 7 changelog</a>.
+</p>
+
+<p align="center">
+<a href="download-70.cgi">Download</a> |
+<a href="tomcat-7.0-doc/changelog.html#Tomcat_7.0.25_(markt)">ChangeLog for 7.0.25</a>
+</p>
+</section>
+
+<section name="Tomcat 5.5.35 Released" rtext="2012-01-16">
+<p>
+The Apache Tomcat Project is proud to announce the release of version 5.5.35 of
+Apache Tomcat. This release includes many bug fixes and a number of security
+fixes over Apache Tomcat 5.5.34.
+</p>
+<p><strong>Note:</strong> End of life date for Apache Tomcat 5.5.x is announced.
+<a href="tomcat-55-eol.html">Read more...</a>
+</p>
+<p align="center">
+<a href="download-55.cgi">Download</a> |
+<a href="tomcat-5.5-doc/changelog.html">ChangeLog for 5.5.35</a>
+</p>
+</section>
+
+
+<section name="Older news">
+<p>Announcements from previous years can be found here:</p>
+<ul>
+  <li><a href="oldnews-2011.html">year 2011</a></li>
+  <li><a href="oldnews-2010.html">year 2010</a></li>
+</ul>
+</section>
+
+</body>
+</document>

Propchange: tomcat/site/trunk/xdocs/oldnews-2012.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: tomcat/site/trunk/xdocs/oldnews.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/oldnews.xml?rev=1480932&r1=1480931&r2=1480932&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/oldnews.xml (original)
+++ tomcat/site/trunk/xdocs/oldnews.xml Fri May 10 08:37:35 2013
@@ -8,6 +8,44 @@
 
 <body>
 
+<section name="Tomcat 7.0.39 Released" rtext="2013-03-26">
+<p>
+The Apache Tomcat Project is proud to announce the release of version 7.0.39 of
+Apache Tomcat. This release contains a number of bug fixes and improvements
+compared to version 7.0.37. The notable changes include:
+<ul>
+<li>There have been multiple improvements in the bytes to/from characters
+    conversion process. The core conversion process has been refactored to use
+    the NIO APIs. This has resulted in a number of improvements including
+    invalid UTF-8 byte sequences at the end of a series of bytes now trigger a
+    conversion error rather than being silently swallowed. Errors detected in
+    request URIs will be replaced with the replacement character (allowing the
+    application to respond to the invalid URI as it wishes) and errors in
+    request bodies will trigger an IOException. The use of the JVM provided
+    UTF-8 decoder has been replaced by a better UTF-8 decoder derived from
+    Apache Harmony. This improved decoder has earlier detection of error
+    conditions and more closely follows the Unicode specification regarding the
+    use of replacement characters.</li>
+<li>The annotation scanning process now provides more information if the scan
+    fails due to broken class dependencies. There is now enough information to
+    identify the class(es) at fault. The JAR scanning process that supports
+    annotation scanning has also seen multiple improvements and fixes including
+    the exclusion by default of the Bootstrap class path from the scan.</li>
+<li>Upgraded a number of Tomcat&apos;s dependencies including Commons Daemon to
+    1.0.14, Commons IO to 2.4 and Commons FileUpload to r1458500. A new
+    dependency on Commons Codec was added to replace Tomcat's internal Base64
+    encoder/decoder.</li>
+</ul>
+Full details of these changes, and all the other changes, are available in the
+<a href="tomcat-7.0-doc/changelog.html#Tomcat_7.0.39_(markt)">Tomcat 7 changelog</a>.
+</p>
+
+<p align="center">
+<a href="download-70.cgi">Download</a> |
+<a href="tomcat-7.0-doc/changelog.html#Tomcat_7.0.39_(markt)">ChangeLog for 7.0.39</a>
+</p>
+</section>
+
 <section name="Tomcat 7.0.37 Released" rtext="2013-02-18">
 <p>
 The Apache Tomcat Project is proud to announce the release of version 7.0.37 of
@@ -69,388 +107,10 @@ for details.
 </p>
 </section>
 
-<section name="Tomcat 7.0.34 Released" rtext="2012-12-12">
-<p>
-The Apache Tomcat Project is proud to announce the release of version 7.0.34 of
-Apache Tomcat. This release contains a small number of bug fixes and
-improvements compared to version 7.0.33. The notable changes include:
-<ul>
-<li>Improvements to the AccessLogValve to better handle non-standard DST changes
-    and to provide option for the current access log to have a standard name.
-    </li>
-<li>Fix various JMX registration and deregistration issues.</li>
-<li>Update the Eclipse JDT compiler to 4.2.1</li>
-</ul>
-Full details of these changes, and all the other changes, are available in the
-<a href="tomcat-7.0-doc/changelog.html#Tomcat_7.0.34_(markt)">Tomcat 7 changelog</a>.
-</p>
-
-<p align="center">
-<a href="download-70.cgi">Download</a> |
-<a href="tomcat-7.0-doc/changelog.html#Tomcat_7.0.34_(markt)">ChangeLog for 7.0.34</a>
-</p>
-</section>
-
-<section name="Tomcat 7.0.33 Released" rtext="2012-11-21">
-<p>
-The Apache Tomcat Project is proud to announce the release of version 7.0.33 of
-Apache Tomcat. This release contains a small number of bug fixes and
-improvements compared to version 7.0.32. The notable changes include:
-<ul>
-<li>A fix to the AccessLogValve to address a bug that caused some entries to be
-    made with incorrect time stamps.</li>
-<li>A re-written, smaller, faster HTTP header parser.</li>
-<li>Further performance improvements for Jasper, Tomcat&apos;s JSP engine.</li>
-</ul>
-Full details of these changes, and all the other changes, are available in the
-<a href="tomcat-7.0-doc/changelog.html#Tomcat_7.0.33_(markt)">Tomcat 7 changelog</a>.
-</p>
-
-<p align="center">
-<a href="download-70.cgi">Download</a> |
-<a href="tomcat-7.0-doc/changelog.html#Tomcat_7.0.33_(markt)">ChangeLog for 7.0.33</a>
-</p>
-</section>
-
-<section name="Tomcat 6.0.36 Released" rtext="2012-10-19">
-<p>
-The Apache Tomcat Project is proud to announce the release of version 6.0.36 of
-Apache Tomcat. This release includes security and bug fixes over Apache Tomcat
-6.0.35.
-
-</p>
-<p align="center">
-<a href="download-60.cgi">Download</a> |
-<a href="tomcat-6.0-doc/changelog.html#Tomcat_6.0.36_(jfclere)">ChangeLog for 6.0.36</a>
-</p>
-</section>
-
-<section name="Tomcat 5.5.36 Released" rtext="2012-10-10">
-<p>
-The Apache Tomcat Project is proud to announce the release of version 5.5.36 of
-Apache Tomcat. This release is primarily a bug fix release.
-</p>
-<p><strong>Note:</strong> As per the previous<a href="tomcat-55-eol.html">
-end of life announcement</a> this will almost certainly be the final Apache
-Tomcat 5.5.x release. Users of the 5.5.x series are strongly encouraged to
-upgrade to at least 6.0.x and ideally 7.0.x.
-</p>
-<p align="center">
-<a href="download-55.cgi">Download</a> |
-<a href="tomcat-5.5-doc/changelog.html">ChangeLog for 5.5.36</a>
-</p>
-</section>
-
-<section name="Tomcat 7.0.32 Released" rtext="2012-10-09">
-<p>
-The Apache Tomcat Project is proud to announce the release of version 7.0.32 of
-Apache Tomcat. This release contains a small number of bug fixes and
-improvements compared to version 7.0.30. The notable changes include:
-<ul>
-<li>A new option to automatically remove old, unused versions (ones where there
-    are no longer any active sessions) of applications deployed using parallel
-    deployment.</li>
-<li>Faster parsing of JSPs.</li>
-<li>Make the members and deployer associated with a cluster visible via JMX.
-    </li>
-</ul>
-Full details of these changes, and all the other changes, are available in the
-<a href="tomcat-7.0-doc/changelog.html#Tomcat_7.0.32_(markt)">Tomcat 7 changelog</a>.
-</p>
-
-<p align="center">
-<a href="download-70.cgi">Download</a> |
-<a href="tomcat-7.0-doc/changelog.html#Tomcat_7.0.32_(markt)">ChangeLog for 7.0.32</a>
-</p>
-</section>
-
-<section name="Tomcat Maven Plugin 2.0 Released" rtext="2012-09-14">
-<p>
-The Apache Tomcat team is pleased to
-<a href="http://mail-archives.apache.org/mod_mbox/tomcat-announce/201209.mbox/%3CCAPoyBqRLPukj%3D8d0XQOgV_%2BewB31-s6SOG6%3D8m3gDcYLo-%2BOpA%40mail.gmail.com%3E">announce</a>
-the release of Tomcat Maven Plugin 2.0.
-</p>
-<p>
-The <a href="maven-plugin.html">Apache Tomcat Maven Plugin</a> provides goals
-to manipulate WAR projects within the Apache Tomcat servlet container.
-</p>
-<p>
-The binaries are available from Maven repositories. You should specify the
-version in your project's plugin configuration:
-</p>
-<source><![CDATA[
-  <plugin>
-    <groupId>org.apache.tomcat.maven</groupId>
-    <artifactId>tomcat6-maven-plugin</artifactId>
-    <version>2.0</version>
-  </plugin>
-]]></source>
-or
-<source><![CDATA[
-  <plugin>
-    <groupId>org.apache.tomcat.maven</groupId>
-    <artifactId>tomcat7-maven-plugin</artifactId>
-    <version>2.0</version>
-  </plugin>
-]]></source>
-</section>
-
-<section name="Tomcat 7.0.30 Released" rtext="2012-09-06">
-<p>
-The Apache Tomcat Project is proud to announce the release of version 7.0.30 of
-Apache Tomcat. This release contains numerous bug fixes and improvements
-compared to version 7.0.29. The notable changes include:
-<ul>
-<li>Significantly reduced memory footprint during web application start while
-    Servlet 3.0 annotation and SCI scanning is in progress.</li>
-<li>Adds support for scanning of classes that use Java 7 specific byte code for
-    Servlet 3.0 annotation and SCI scanning.</li>
-<li>Improvements to DIGEST and FORM authentication.</li>
-</ul>
-Full details of these changes, and all the other changes, are available in the
-<a href="tomcat-7.0-doc/changelog.html#Tomcat_7.0.30_(markt)">Tomcat 7 changelog</a>.
-</p>
-
-<p align="center">
-<a href="download-70.cgi">Download</a> |
-<a href="tomcat-7.0-doc/changelog.html#Tomcat_7.0.30_(markt)">ChangeLog for 7.0.30</a>
-</p>
-</section>
-
-<section name="Tomcat 7.0.29 Released" rtext="2012-07-08">
-<p>
-The Apache Tomcat Project is proud to announce the release of version 7.0.29 of
-Apache Tomcat. This release corrects a small number of regressions introduced in
-the 7.0.28 release and takes account of several recent clarifications from the
-Servlet Expert Group as well as containing a handful of bug fixes and small
-improvements compared to version 7.0.28. The notable changes include:
-<ul>
-<li>Add support for a default error page</li>
-<li>The servlet version defined in web.xml no longer determines if Tomcat scans
-    for annotations when the web application starts. This is now solely
-    controlled by metadata-complete element.</li>
-<li>On web application start, JARs are now always scanned for
-    ServletContainerInitializers regardless of the setting of
-    metadata-complete</li>
-</ul>
-Full details of these changes, and all the other changes, are available in the
-<a href="tomcat-7.0-doc/changelog.html#Tomcat_7.0.29_(markt)">Tomcat 7 changelog</a>.
-</p>
-
-<p align="center">
-<a href="download-70.cgi">Download</a> |
-<a href="tomcat-7.0-doc/changelog.html#Tomcat_7.0.29_(markt)">ChangeLog for 7.0.29</a>
-</p>
-</section>
-
-<section name="Tomcat 7.0.28 Released" rtext="2012-06-19">
-<p>
-The Apache Tomcat Project is proud to announce the release of version 7.0.28 of
-Apache Tomcat. This release is includes may improvements as well as a number of
-bug fixes compared to version 7.0.27. The notable changes include:
-<ul>
-<li>The minimum required APR/native library version required if the APR/native
-    connector is used is now 1.1.24.</li>
-<li>Various fixes and improvements to WebSocket support including the use of
-    infinite timeouts by default for WebSocket connections.</li>
-<li>Various fixes and improvements to annotation scanning.</li>
-</ul>
-Full details of these changes, and all the other changes, are available in the
-<a href="tomcat-7.0-doc/changelog.html#Tomcat_7.0.28_(markt)">Tomcat 7 changelog</a>.
-</p>
-
-<p align="center">
-<a href="download-70.cgi">Download</a> |
-<a href="tomcat-7.0-doc/changelog.html#Tomcat_7.0.28_(markt)">ChangeLog for 7.0.28</a>
-</p>
-</section>
-
-<section name="Tomcat Native 1.1.24 Released" rtext="2012-06-13">
-<p>
-The Apache Tomcat Project is proud to announce the release of version 1.1.24 of
-Tomcat Native.
-</p>
-<p align="center">
-<a href="download-native.cgi">Download</a> |
-<a href="native-doc/miscellaneous/changelog.html">ChangeLog for 1.1.24</a>
-</p>
-</section>
-
-<section name="Tomcat Connectors 1.2.36 Released" rtext="2012-05-14">
-<p>
-The Apache Tomcat Project is proud to announce the release of version 1.2.36 of
-Apache Tomcat Connectors.
-This version fixes few bugs found in 1.2.35 release.
-</p>
-<p align="center">
-<a href="download-connectors.cgi">Download</a> |
-<a href="connectors-doc/miscellaneous/changelog.html">ChangeLog for 1.2.36</a>
-</p>
-</section>
-
-<section name="Tomcat 7.0.27 Released" rtext="2012-04-05">
-<p>
-The Apache Tomcat Project is proud to announce the release of version 7.0.27 of
-Apache Tomcat. This release is includes significant new features as well as a
-number of bug fixes compared to version 7.0.26. The notable changes include:
-<ul>
-<li>Support for the WebSocket protocol (RFC6455). Both streaming and message
-    based APIs are provided and the implementation currently fully passes the
-    Autobahn test suite. Also included are several examples.</li>
-<li>A number of fixes to the HTTP NIO connector, particularly when using Comet.
-    </li>
-<li>Improve the memory leak prevention and detection code so that is works well
-    with JVMs from IBM.</li>
-</ul>
-Full details of these changes, and all the other changes, are available in the
-<a href="tomcat-7.0-doc/changelog.html">Tomcat 7 changelog</a>.
-</p>
-
-<p align="center">
-<a href="download-70.cgi">Download</a> |
-<a href="tomcat-7.0-doc/changelog.html#Tomcat_7.0.27_(markt)">ChangeLog for 7.0.27</a>
-</p>
-</section>
-
-<section name="Tomcat Connectors 1.2.35 Released" rtext="2012-03-24">
-<p>
-The Apache Tomcat Project is proud to announce the release of version 1.2.35 of
-Apache Tomcat Connectors.
-This version fixes few bugs found in 1.2.33 release.
-</p>
-<p><strong>Notice:</strong> Users of discontinued Apache HTTPD 1.3.x version will need to apply the
-<a href="http://svn.apache.org/viewvc/tomcat/jk/trunk/native/apache-1.3/mod_jk.c?r1=1302445&amp;r2=1305020">r1305020 patch</a>
-to be able to compile this version of mod_jk.</p>
-<p align="center">
-<a href="download-connectors.cgi">Download</a> |
-<a href="connectors-doc/miscellaneous/changelog.html">ChangeLog for 1.2.35</a>
-</p>
-</section>
-
-<section name="Tomcat Connectors 1.2.33 Released" rtext="2012-03-12">
-<p>
-The Apache Tomcat Project is proud to announce the release of version 1.2.33 of
-Apache Tomcat Connectors.
-This version is principally a bugfix release.
-</p>
-<p><strong>Warning:</strong> There are stability issues with the mod_jk 1.2.33
-release. If you have not yet upgraded to mod_jk 1.2.33 we recommend that you
-wait for the mod_jk 1.2.35 release. If you have
-upgraded and experienced issues we recommend that you downgrade to
-mod_jk 1.2.32 until mod_jk 1.2.35 is available.</p>
-
-<p><strong>Update:</strong> mod_jk 1.2.35 is available.</p>
-</section>
-
-<section name="Tomcat Native 1.1.23 Released" rtext="2012-03-02">
-<p>
-The Apache Tomcat Project is proud to announce the release of version 1.1.23 of Tomcat Native.
-This version is principally a bugfix release.
-</p>
-<p align="center">
-<a href="download-native.cgi">Download</a> |
-<a href="native-doc/miscellaneous/changelog.html">ChangeLog for 1.1.23</a>
-</p>
-</section>
-
-<section name="Tomcat 7.0.26 Released" rtext="2012-02-21">
-<p>
-The Apache Tomcat Project is proud to announce the release of version 7.0.26 of
-Apache Tomcat. This release is primarily a bug fix release and includes numerous
-bug fixes compared to version 7.0.25. The notable bug fixes include:
-<ul>
-<li>Improved <code>@HandlesTypes</code> processing which no longer loads all
-    classes on web application start.</li>
-<li>Ensure that POST bodies are available for reply after FORM authentication
-    when using the AJP connectors</li>
-<li>Corrected a regression that broke annotation scanning for many use cases
-    including web applications packaged as WARs and many embedded scenarios.
-    </li>
-</ul>
-Full details of these changes, and all the other changes, are available in the
-<a href="tomcat-7.0-doc/changelog.html#Tomcat_7.0.25_(markt)">Tomcat 7 changelog</a>.
-</p>
-
-<p align="center">
-<a href="download-70.cgi">Download</a> |
-<a href="tomcat-7.0-doc/changelog.html#Tomcat_7.0.26_(markt)">ChangeLog for 7.0.26</a>
-</p>
-</section>
-
-<section name="Tomcat Maven Plugin 2.0-beta-1 Released" rtext="2012-02-01">
-<p>
-The Apache Tomcat team is pleased to announce the release of Tomcat
-Maven Plugin 2.0-beta-1.
-</p>
-<p>
-The <a href="maven-plugin.html">Apache Tomcat Maven Plugin</a> provides goals
-to manipulate WAR projects within the Apache Tomcat servlet container.
-</p>
-<p>
-The binaries are available from Maven repositories. You should specify the
-version in your project's plugin configuration:
-</p>
-<source><![CDATA[
-  <plugin>
-    <groupId>org.apache.tomcat.maven</groupId>
-    <artifactId>tomcat6-maven-plugin</artifactId>
-    <version>2.0-beta-1</version>
-  </plugin>
-]]></source>
-or
-<source><![CDATA[
-  <plugin>
-    <groupId>org.apache.tomcat.maven</groupId>
-    <artifactId>tomcat7-maven-plugin</artifactId>
-    <version>2.0-beta-1</version>
-  </plugin>
-]]></source>
-</section>
-
-<section name="Tomcat 7.0.25 Released" rtext="2012-01-21">
-<p>
-The Apache Tomcat Project is proud to announce the release of version 7.0.25 of
-Apache Tomcat. This release includes numerous bug fixes and several new features
-compared to version 7.0.23. The notable new features include:
-<ul>
-<li>Align the Servlet 3.0 implementation with the changes defined in the first
-    maintenance release (also known as Rev. A.). See the
-    <a href="http://jcp.org/aboutJava/communityprocess/maintenance/jsr315/servlet3-mr-reva.html">JCP documentation</a>
-    for a detailed list of changes.</li>
-<li>Add support for connectors to automatically select a free port to bind to.
-    This is useful when embedding and for testing.</li>
-<li>Update to Commons Pool 1.5.7, Commons Daemon 1.0.8 and Eclipse JDT compiler
-    3.7.1.</li>
-</ul>
-Full details of these changes, and all the other changes, are available in the
-<a href="tomcat-7.0-doc/changelog.html#Tomcat_7.0.25_(markt)">Tomcat 7 changelog</a>.
-</p>
-
-<p align="center">
-<a href="download-70.cgi">Download</a> |
-<a href="tomcat-7.0-doc/changelog.html#Tomcat_7.0.25_(markt)">ChangeLog for 7.0.25</a>
-</p>
-</section>
-
-<section name="Tomcat 5.5.35 Released" rtext="2012-01-16">
-<p>
-The Apache Tomcat Project is proud to announce the release of version 5.5.35 of
-Apache Tomcat. This release includes many bug fixes and a number of security
-fixes over Apache Tomcat 5.5.34.
-</p>
-<p><strong>Note:</strong> End of life date for Apache Tomcat 5.5.x is announced.
-<a href="tomcat-55-eol.html">Read more...</a>
-</p>
-<p align="center">
-<a href="download-55.cgi">Download</a> |
-<a href="tomcat-5.5-doc/changelog.html">ChangeLog for 5.5.35</a>
-</p>
-</section>
-
-
 <section name="Older news">
 <p>Announcements from previous years can be found here:</p>
 <ul>
+  <li><a href="oldnews-2012.html">year 2012</a></li>
   <li><a href="oldnews-2011.html">year 2011</a></li>
   <li><a href="oldnews-2010.html">year 2010</a></li>
 </ul>

Modified: tomcat/site/trunk/xdocs/security-6.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-6.xml?rev=1480932&r1=1480931&r2=1480932&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-6.xml (original)
+++ tomcat/site/trunk/xdocs/security-6.xml Fri May 10 08:37:35 2013
@@ -49,6 +49,41 @@
   </section>
 
 
+  <section name="Fixed in Apache Tomcat 6.0.37" rtext="released 3 May 2013">
+
+    <p><strong>Important: Session fixation</strong>
+       <cve>CVE-2013-2067</cve></p>
+
+    <p>FORM authentication associates the most recent request requiring
+       authentication with the current session. By repeatedly sending a request
+       for an authenticated resource while the victim is completing the login
+       form, an attacker could inject a request that would be executed using
+       the victim's credentials.</p>
+
+    <p>This was fixed in revision <revlink rev="1417891">1417891</revlink>.</p>
+
+    <p>This issue was identified by the Tomcat security team on 15 Oct 2012 and
+       made public on 10 May 2013.</p>
+
+    <p>Affects: 6.0.21-6.0.36</p>
+
+    <p><strong>Important: Denial of service</strong>
+       <cve>CVE-2012-3439</cve></p>
+
+    <p>When processing a request submitted using the chunked transfer encoding,
+       Tomcat ignored but did not limit any extensions that were included. This
+       allows a client to perform a limited DOS by streaming an unlimited
+       amount of data to the server.</p>
+
+    <p>This was fixed in revision <revlink rev="1476592">1476592</revlink>.</p>
+
+    <p>This issue was reported to the Tomcat security team on 10 November 2011
+       and made public on 10 May 2013.</p>
+
+    <p>Affects: 6.0.0-6.0.36</p>
+
+  </section>
+
   <section name="Fixed in Apache Tomcat 6.0.36" rtext="released 19 Oct 2012">
   
     <p><strong>Important: Denial of service</strong>

Modified: tomcat/site/trunk/xdocs/security-7.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-7.xml?rev=1480932&r1=1480931&r2=1480932&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-7.xml (original)
+++ tomcat/site/trunk/xdocs/security-7.xml Fri May 10 08:37:35 2013
@@ -50,7 +50,47 @@
 
   </section>
 
-<section name="Fixed in Apache Tomcat 7.0.32" rtext="released 9 Oct 2012">
+  <section name="Fixed in Apache Tomcat 7.0.40" rtext="released 9 May 2013">
+
+    <p><strong>Moderate: Information disclosure</strong>
+       <cve>CVE-2013-2071</cve></p>
+
+    <p>Bug <bug>54178</bug> described a scenario where elements of a previous
+       request may be exposed to a current request. This was very difficult to
+       exploit deliberately but fairly likely to happen unexpectedly if an
+       application used AsyncListeners that threw RuntimeExceptions.</p>
+
+    <p>This was fixed in revision <revlink rev="1471372">1471372</revlink>.</p>
+
+    <p>The root cause of the problem was identified as a Tomcat bug on 2 April
+       2013. The Tomcat security team identified the security implications on
+       24 April 2013 and made those details public on 10 May 2013.</p>
+
+    <p>Affects: 7.0.0-7.0.39</p>
+
+  </section>
+
+  <section name="Fixed in Apache Tomcat 7.0.33" rtext="released 21 Nov 2012">
+
+    <p><strong>Important: Session fixation</strong>
+       <cve>CVE-2013-2067</cve></p>
+
+    <p>FORM authentication associates the most recent request requiring
+       authentication with the current session. By repeatedly sending a request
+       for an authenticated resource while the victim is completing the login
+       form, an attacker could inject a request that would be executed using
+       the victim's credentials.</p>
+
+    <p>This was fixed in revision <revlink rev="1408044">1408044</revlink>.</p>
+
+    <p>This issue was identified by the Tomcat security team on 15 Oct 2012 and
+       made public on 10 May 2013.</p>
+
+    <p>Affects: 7.0.0-7.0.32</p>
+
+  </section>
+
+  <section name="Fixed in Apache Tomcat 7.0.32" rtext="released 9 Oct 2012">
 
     <p><strong>Important: Bypass of CSRF prevention filter</strong>
        <cve>CVE-2012-4431</cve></p>
@@ -70,6 +110,22 @@
 
   <section name="Fixed in Apache Tomcat 7.0.30" rtext="released 6 Sep 2012">
 
+    <p><strong>Important: Denial of service</strong>
+       <cve>CVE-2012-3544</cve></p>
+
+    <p>When processing a request submitted using the chunked transfer encoding,
+       Tomcat ignored but did not limit any extensions that were included. This
+       allows a client to perform a limited DOS by streaming an unlimited
+       amount of data to the server.</p>
+
+    <p>This was fixed in revisions <revlink rev="1378702">1378702</revlink> and
+       <revlink rev="1378921">1378921</revlink>.</p>
+
+    <p>This issue was reported to the Tomcat security team on 10 November 2011
+       and made public on 10 May 2013.</p>
+
+    <p>Affects: 7.0.0-7.0.29</p>
+
     <p><strong>Moderate: DIGEST authentication weakness</strong>
        <cve>CVE-2012-3439</cve></p>
 

Modified: tomcat/site/trunk/xdocs/whichversion.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/whichversion.xml?rev=1480932&r1=1480931&r2=1480932&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/whichversion.xml (original)
+++ tomcat/site/trunk/xdocs/whichversion.xml Fri May 10 08:37:35 2013
@@ -29,7 +29,7 @@ mapping between the specifications and t
 <tr>
   <td>3.0/2.2</td>
   <td>7.0.x</td>
-  <td>7.0.39</td>
+  <td>7.0.40</td>
   <td>1.6</td>
 </tr>
 



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message