September 24, 2011

[installer 2963] Apache Tomcat 5.5.34

Apache Tomcat 5.5.34 has been released.

It includes fixes for multiple security holes.
See http://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.34
for details.

☆ Apache Tomcat 5.5.34
http://tomcat.apache.org/

http://archive.apache.org/dist/tomcat/tomcat-5/v5.5.34/src/apache-tomcat-5.5.34-src.tar.gz

Tomcat 5.5.34 (jim)
General
* Update Tomcat-Native to 1.1.22. (jim)
* Fix CVE-2011-2729. Update to Commons Daemon 1.0.7. (markt)
* 33262: When using the Windows installer, the monitor is now
auto-started for the current user rather than all users to be
consistent with menu item creation. (markt)
* 40510: Provide an option within the Windows installer to create menu
entries for the current user or all users. (markt)
* 50949: Add the ability to specify the AJP port and the shutdown port
when using the Windows installer. (markt)
* 51135: Fix auto-detection of JAVA_HOME for 64-bit Windows platforms
that only have a 32-bit JVM installed when using the Windows
installer. (markt)

Catalina
* 27988: Improve reporting of missing files. (markt)
* 28852: Add URL encoding where missing to parameters in URLs
presented by Ant tasks to the Manager application. Based on a patch
by Stephane Bailliez. (mark)
* 41179: Return 404 rather than 400 for requests to the ROOT context
when no ROOT context has been deployed. (markt)
* 50189: Once the application has finished writing to the response,
prevent further reads from the request since this causes various
problems in the connectors which do not expect this. (markt)
* Fix CVE-2011-2204. Prevent user passwords appearing in log files if
a runtime exception (e.g. OOME) occurs while creating a new user for
a MemoryUserDatabase via JMX. (markt)
* 51042: Don't trigger session creation listeners when a session ID is
changed as part of the authentication process. (markt)
* 51324: Improve handling of exceptions when flushing the response
buffer to ensure that the doFlush flag does not get stuck in the
enabled state. Patch provided by Jeremy Norris. (kkolinko)
* 51403: Avoid NullPointerException in JULI FileHandler if formatter
is misconfigured. (kkolinko)
* 51473: Fix concatenation of values in SecurityConfig.setSecurityProperty()
when the value provided by JRE is null. (kkolinko)
* 51550: Internal errors in Tomcat components that process requests
before they are passed to a web application, such as Authenticators,
now return a 500 response rather than a 200 response. (markt)
* Add additional configuration options to the DIGEST authenticator. (markt)

Coyote
* Fix CVE-2011-2526. Protect against crashes (HTTP APR) if sendfile is
configured to send more data than is available in the file. (markt)
* 50394: Return -1 from read operation instead of throwing an
exception when encountering an EOF with the HTTP APR connector.
(kkolinko)
* 50744: Skip the SSL configuration check on platforms where an
unbounded socket cannot be created. (kkolinko)
* 51073: Throw an exception and do not start the APR connector if it
is configured for SSL and an invalid value is provided for
SSLProtocol. (markt)
* 51698: Fix CVE-2011-3190. Prevent AJP message injection. (markt)

Jasper
* 36362: Handle the case where tag file attributes (which can use any
valid XML name) have a name which is not a Java identifier. (markt)
* Fix possible threading issue in JSP compilation when development
mode is enabled. (markt)

Cluster
* 48717: Ensure session activation events are fired. (markt)
* 50771: Ensure HttpServletRequest#getAuthType() returns the name of
the authentication scheme if request has already been authenticated.
(kfujino)
* 51647: Fix session replication when a session attribute is a Java
dynamic proxy. Based on a patch by Tomasz Skutnik. (markt)

Webapps
* 41498: Add the allRolesMode attribute to the Realm configuration
page in the documentation web application. (markt)
* Configure Security Manager How-To to include a copy of the actual
conf/catalina.policy file when the documentation is built, rather
than maintaining a copy of its content. (kkolinko)
* 48997: Fixed some typos and improve cross-referencing to the HTTP
Connector and APR documentation with the SSL How-To page of the
documentation web application. (markt)

Other
* Align jpda settings in catalina.bat with catalina.sh, tc6.0.x,
tc7.0.x and trunk. (markt)
* Clarify error messages in *.sh files to mention that if a script is
not found it might be because execute permission is needed.
(kkolinko)

----
こがよういちろう


Posted by xml-rpc: September 24, 2011 14:21