Return-Path: Mailing-List: contact tomcat-dev-help@jakarta.apache.org; run by ezmlm Delivered-To: mailing list tomcat-dev@jakarta.apache.org Received: (qmail 98453 invoked from network); 29 Sep 2003 19:33:20 -0000 Received: from unknown (HELO forty.greenhydrant.com) (208.48.139.185) by daedalus.apache.org with SMTP; 29 Sep 2003 19:33:20 -0000 Received: from www.greenhydrant.com (localhost [127.0.0.1]) by forty.greenhydrant.com (Postfix) with SMTP id 2311BE396A for ; Mon, 29 Sep 2003 12:33:47 -0700 (PDT) Received: from 208.48.139.163 (SquirrelMail authenticated user dbr) by www.greenhydrant.com with HTTP; Mon, 29 Sep 2003 12:33:47 -0700 (PDT) Message-ID: <3279.208.48.139.163.1064864027.squirrel@www.greenhydrant.com> In-Reply-To: <012301c386c0$6d943c60$ec66a8c0@bbarkerxp> References: <9C5166762F311146951505C6790A9CF8013DF3A7@US-VS1.corp.mpi.com> <012301c386c0$6d943c60$ec66a8c0@bbarkerxp> Date: Mon, 29 Sep 2003 12:33:47 -0700 (PDT) Subject: Re: Jakarta Tomcat 4.1 XSS vulnerability From: "David Rees" To: "Tomcat Developers List" User-Agent: SquirrelMail/1.4.2 [CVS] MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 Importance: Normal X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N On Mon, September 29, 2003 1at 2:32 pm, Bill Barker sent the following > Remy has already patched the HTTP Connector for this one (both Tomcat > 4&5). I believe that the patch still needs to be ported to the JK2 > Connector. Thanks for the update, Bill. Hope to see Tomcat 4.1.28 out soon, look like we could be seeing it as soon as next week. Thanks, Dave