June 30, 2009

[installer 1983] Apache Tomcat 4.1.40

Apache Tomcat 4.1.40 has been released.

Multiple security holes have been fixed.
http://tomcat.apache.org/security-4.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5515
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0033
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0580
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0781

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783
See the links above.

5.5.x is not out yet.
http://tomcat.apache.org/security-5.html
See the link above.

☆ Apache Tomcat 4.1.40
http://tomcat.apache.org/
http://archive.apache.org/dist/tomcat/tomcat-4/v4.1.40/src/apache-tomcat-4.1.40-src.tar.gz


============
NEW FEATURES:
============
---------------------
Catalina New Features:
---------------------
[4.1.40] CVE-2009-0781
Fix XSS in calendar example


==========================
BUG FIXES AND IMPROVEMENTS:
==========================
------------------
Generic Bug Fixes:
------------------
[4.1.40] Docs
Remove use of autoReconnect flag from MySQL examples

[4.1.40] Build process
Fix various build process issues including:
- corrupted binary files in the .tar.gz source distribution
- extra lines appended to source files in the .tar.gz source
distribution
- add NOTICE and LICENSE files to the root of the source distributions
- update the copyright year in the NOTICE file

------------------
Catalina Bug Fixes:
------------------
[4.1.40] Localisation
Fix typo in French localisation file name for the
org.apache.catalina.loader package.

[4.1.40] Realms
Fix information disclosure vulnerability that permitted user
enumeration when using FORM authentication.
This is CVE-2009-0580.

[4.1.40] #29936
Don't use web application provided XML parser to process web.xml files
This is part of CVE-2009-0783

[4.1.40] #45933
Don't use web application provided XML parser to process tld files
This is part of CVE-2009-0783

[4.1.40] Error Reporting Valve
Use UTF-8 encoding for default error pages to provide a workaround for
browsers that ignore the charset requirements of RFC2616

----------------
Coyote Bug Fixes:
----------------
[4.1.40] #41263
Fix ServletRequest.getRemotePort() when using mod_jk

[4.1.40] #45026
Don't map custom HTTP error codes to 500 when using mod_jk

[4.1.40] #45528
Fix infinite loop on startup when using an invalid ciphers setting

[4.1.40] #46552
Return a 400 rather than a 200 if headers are too large

[4.1.40] #46984
Reject requests with invalid HTTP methods with a 400 rather than a 501

[4.1.40] DateTool
Make thread safe

[4.1.40] Cookies
Port the cookie parsing changes from Tomcat 6

[4.1.40] CoyoteConnector
Fix a potential DOS vulnerability with the Java AJP connector
This is CVE-2009-0033

----
こがよういちろう


Posted by xml-rpc : June 30, 2009 09:03