The Apache Tomcat team is pleased to announce the immediate availability of version 1.2.21 of the Apache Tomcat Connectors.
It contains connectors, which allow web servers such as Apache HTTPD, Microsoft IIS and Sun Web Server to act as a front end to the Tomcat web application server.

This version of mod_jk is principally a bug and security fix release. The following potential security flaw is addressed:

CVE-2007-0774: Fix a buffer overflow in map_uri_to_worker(). URLs longer than 4095 were crashing mod_jk. This could have allowed different kinds of attacks. Reported by ZDI.

Please note this issue only affected versions 1.2.19 and 1.2.20 of the Apache Tomcat JK Web Server Connector and not previous versions. Tomcat 5.5.20 and Tomcat 4.1.34 included a vulnerable version in their source packages. Other versions of Tomcat were not affected.

See http://tomcat.apache.org/connectors-doc/miscellaneous/changelog.html for a complete list of changes.

Source distributions can be downloaded from an Apache Software Foundation mirror at:
http://tomcat.apache.org/download-connectors.cgi

Binary distributions for a number of different operating systems and web servers can be downloaded from an Apache Software Foundation mirror at:
http://tomcat.apache.org/download-connectors.cgi

Documentation for using JK with Tomcat 3.3, 4.1, 5.0 and 5.5 can be found at:
http://tomcat.apache.org/connectors-doc/

Thank you,
-- The Apache Tomcat Team