The Apache Tomcat team is pleased to announce the immediate availability
of version 1.2.23 of the Apache Tomcat Connectors.
It contains connectors, which allow a web server such as Apache HTTPD,
Microsoft IIS and Sun Web Server to act as a front end to the Tomcat web
application server.
This version contains only one security fix:
CVE-2007-1860: Information disclosure
(patch for CVE-2007-0450 was insufficient)
With the mod_jk default configuration, double encoded URLs could break
JkMount access control. A complete fix might need configuration
adjustments. Please consult
http://tomcat.apache.org/security-jk.html
for a more detailed description. Please note, that this issue only
affected the Apache HTTPD module mod_jk.
Source distribtions can be downloaded from an
Apache Software Foundation mirror at:
http://tomcat.apache.org/download-connectors.cgi
Binary distributions for a number of different operating systems and
web servers can be downloaded from an
Apache Software Foundation mirror at:
http://tomcat.apache.org/download-connectors.cgi
Documentation for using JK with Tomcat 3.3, 4.1, 5.0 and 5.5
can be found at:
http://tomcat.apache.org/connectors-doc/
Thank you,
-- The Apache Tomcat Team
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
