Remy Maucherat wrote: > A security vulnerability which affects all releases of Tomcat 4.x has > been discovered. > > It is proposed that new Tomcat 4.0.x and 4.1.x releases are made, at > which time the exploit will be publicized. The security advisory will > also include an easy workaround to protect existing Tomcat > installations, so upgrading is not a necessity. > > Tomcat 4.0.5 release > -------------------- > > Tomcat 4.0.5 is virtually indentical to 4.0.4, with the exception of: > - a bugfix to URL parsing > - the security fix > > <ballot> > +1 [X] Yes, I approve this release > -1 [ ] No, because: > > </ballot> > > Tomcat 4.1.12 Stable release > ---------------------------- > > Tomcat 4.1.12 includes all the changes made to Tomcat 4.1.10 since its > release. Tomcat 4.1.11, on which the release is based, has recieved > positive feedback so far. The list of changes is available in the > release notes. > It is proposed that it recieves a Stable rating. The existing 4.1.10 > release will be retired. > > <ballot> > +1 [X] Yes, I approve this release > -1 [ ] No, because: > > </ballot> > > The proposed binaries for 4.0.5 and 4.1.12 are available at: > http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.5/ > http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.1.12/ > > 4.0.5 was packaged on my new computer (which I have been using for all > the 4.1.x releases), and may contain unwanted changes over 4.0.4. Please > let me know if there are problems. > > Remy > > > -- > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]>
-- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
