Return-Path: Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: (qmail 10136 invoked from network); 14 Jul 2008 22:06:03 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 14 Jul 2008 22:06:03 -0000 Received: (qmail 32420 invoked by uid 500); 14 Jul 2008 22:05:52 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 32057 invoked by uid 500); 14 Jul 2008 22:05:51 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 32046 invoked by uid 99); 14 Jul 2008 22:05:51 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 14 Jul 2008 15:05:51 -0700 X-ASF-Spam-Status: No, hits=1.2 required=10.0 tests=SPF_NEUTRAL X-Spam-Check-By: apache.org Received-SPF: neutral (athena.apache.org: local policy) Received: from [193.252.22.159] (HELO smtp5.freeserve.com) (193.252.22.159) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 14 Jul 2008 22:04:57 +0000 Received: from me-wanadoo.net (localhost [127.0.0.1]) by mwinf3429.me.freeserve.com (SMTP Server) with ESMTP id 6F7231C00081 for ; Tue, 15 Jul 2008 00:05:20 +0200 (CEST) Received: from smtp.homeinbox.net (unknown [91.109.138.200]) by mwinf3429.me.freeserve.com (SMTP Server) with ESMTP id 08ABD1C0008A for ; Tue, 15 Jul 2008 00:05:19 +0200 (CEST) X-ME-UUID: 20080714220519355.08ABD1C0008A@mwinf3429.me.freeserve.com Received: from localhost (localhost [127.0.0.1]) by smtp.homeinbox.net (Postfix) with ESMTP id 9E248112465 for ; Mon, 14 Jul 2008 23:01:17 +0100 (BST) X-Virus-Scanned: Debian amavisd-new at homeinbox.net Received: from smtp.homeinbox.net ([127.0.0.1]) by localhost (server02.dev.local [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R9I7k61j6RVe for ; Mon, 14 Jul 2008 23:01:13 +0100 (BST) Received: from [192.168.0.4] (study01.dev.local [192.168.0.4]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.homeinbox.net (Postfix) with ESMTPSA id 51CD611204C for ; Mon, 14 Jul 2008 23:01:12 +0100 (BST) Message-ID: <487BCD97.9010907@apache.org> Date: Mon, 14 Jul 2008 23:05:11 +0100 From: Mark Thomas User-Agent: Thunderbird 2.0.0.14 (Windows/20080421) MIME-Version: 1.0 To: Tomcat Users List Subject: Re: [SECURITY] CVE-2008-1947: Tomcat host-manager XSS vulnerability References: <48446A11.7030702@apache.org> <7B18F88A432A7C40ACCD9CF0EC81C420578AB4@us0exb09.us.sonicwall.com> In-Reply-To: <7B18F88A432A7C40ACCD9CF0EC81C420578AB4@us0exb09.us.sonicwall.com> X-Enigmail-Version: 0.95.6 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org Eric Hawkes wrote: > Hi, > >> This issue has been fixed ... in 5.5.27 and 6.0.17. >> It is anticipated that these versions will be released shortly. > > It's been about six weeks. Is there any further information > on when Tomcat 5.5.27 will be released? > > Thanks, > > Eric No plans as yet. From past experience, it won't be any earlier than the next stable 6.0.x release. Mark --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org