www-announce mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rainer Jung <rj...@apache.org>
Subject [ANN] Apache Tomcat JK 1.2.23 Web Server Connector released
Date Fri, 18 May 2007 19:45:49 GMT
The Apache Tomcat team is pleased to announce the immediate availability
of version 1.2.23 of the Apache Tomcat Connectors.

It contains connectors, which allow a web server such as Apache HTTPD,
Microsoft IIS and Sun Web Server to act as a front end to the Tomcat web
application server.

This version contains only one security fix:

CVE-2007-1860: Information disclosure
(patch for CVE-2007-0450 was insufficient)

With the mod_jk default configuration, double encoded URLs could break 
JkMount access control. A complete fix might need configuration 
adjustments. Please consult

http://tomcat.apache.org/security-jk.html

for a more detailed description. Please note, that this issue only 
affected the Apache HTTPD module mod_jk.

Source distribtions can be downloaded from an
Apache Software Foundation mirror at:

http://tomcat.apache.org/download-connectors.cgi

Binary distributions for a number of different operating systems and
web servers can be downloaded from an
Apache Software Foundation mirror at:

http://tomcat.apache.org/download-connectors.cgi

Documentation for using JK with Tomcat 3.3, 4.1, 5.0 and 5.5
can be found at:

http://tomcat.apache.org/connectors-doc/

Thank you,

-- The Apache Tomcat Team




Mime
View raw message