A security vulnerability which affects all releases of Tomcat 4.x has 
been discovered.

It is proposed that new Tomcat 4.0.x and 4.1.x releases are made, at 
which time the exploit will be publicized. The security advisory will 
also include an easy workaround to protect existing Tomcat 
installations, so upgrading is not a necessity.

Tomcat 4.0.5 release
--------------------

Tomcat 4.0.5 is virtually identical to 4.0.4, with the exception of:
- a bugfix to URL parsing
- the security fix

<ballot>
+1 [ ] Yes, I approve this release
-1 [ ] No, because:

</ballot>

Tomcat 4.1.12 Stable release
----------------------------

Tomcat 4.1.12 includes all the changes made to Tomcat 4.1.10 since its 
release. Tomcat 4.1.11, on which the release is based, has received 
positive feedback so far. The list of changes is available in the 
release notes.
It is proposed that it receives a Stable rating. The existing 4.1.10 
release will be retired.

<ballot>
+1 [ ] Yes, I approve this release
-1 [ ] No, because:

</ballot>

The proposed binaries for 4.0.5 and 4.1.12 are available at:
http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.5/
http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.1.12/

4.0.5 was packaged on my new computer (which I have been using for all 
the 4.1.x releases), and may contain unwanted changes over 4.0.4. Please 
let me know if there are problems.

Remy

