jakarta-site-cvs mailing list archives

From r...@apache.org
Subject cvs commit: jakarta-site2/docs/site news.html
Date Thu, 07 Mar 2002 01:43:20 GMT
remm        02/03/06 17:43:20

  Modified:    docs/site news.html
  Log:
  - Update the information on the security vulnerability fixed in Tomcat 4.0.3.
  
  Revision  Changes    Path
  1.153     +8 -7      jakarta-site2/docs/site/news.html
  
  Index: news.html
  ===================================================================
  RCS file: /home/cvs/jakarta-site2/docs/site/news.html,v
  retrieving revision 1.152
  retrieving revision 1.153
  diff -u -r1.152 -r1.153
  --- news.html	6 Mar 2002 21:47:51 -0000	1.152
  +++ news.html	7 Mar 2002 01:43:20 -0000	1.153
  @@ -186,17 +186,18 @@
   <h3>1 March 2002 - Tomcat 4.0.3 Released</h3>
   </a>
                                                   <p>
  -  This release fixes a security vulnerability affecting the sandboxing
  -  provided by the Java Security Manager. It is otherwise identical to 4.0.2, 
  -  with the addition of the fix for this vulnerability. Tomcat installations 
  -  which do not use the Security Manager are not affected by this problem, 
  -  and don't need to be upgraded.
  +  This release fixes a security vulnerability affecting the use of the request
  +  dispatcher, which could allow in some rare cases a remote attacker to read 
  +  files anywhere on the server filesystem. It also provides a way
  +  for malicious servlets or JSP to bypass the Security Manager sandbox.
  +</p>
  +                                                <p>
     Binary and source distributions are available <a href="http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.3/">here</a>.
   </p>
                                                   <p>
     The fix for this security vulnerability is also available as a hotfix 
  -  which can be applied to an existing Tomcat 4.0.2 installation. Installing 
  -  the hotfix is equivalent to upgrading to Tomcat 4.0.3.
  +  which can be applied to an existing Tomcat 4.0.x installation. Installing 
  +  the hotfix on top of 4.0.2 is equivalent to upgrading to Tomcat 4.0.3.
     The hotfix can be found <a href="http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.2/bin/hotfix/">here</a>.
   </p>
                                                   <hr size="1" noshade="noshade" />
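Review bot: In the added sentence "It also provides a way for malicious servlets or JSP to bypass the Security Manager sandbox", the subject "It" points back to "This release", so the notice reads as if 4.0.3 itself enables the bypass; start the sentence with "The vulnerability also allows" instead. The removed text told administrators which installations were not affected, while the replacement only says "in some rare cases", so state whether installations that do not use the Security Manager now need to upgrade, since the file-read issue is described without reference to it. The hotfix paragraph now covers 4.0.x but only describes the result on top of 4.0.2; say what applying it to the other 4.0.x releases gives.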
  
  
  

--
To unsubscribe, e-mail:   <mailto:site-cvs-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:site-cvs-help@jakarta.apache.org>

