You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by Jean-Frederic <jf...@gmail.com> on 2007/03/02 17:02:12 UTC

[ANN] Apache Tomcat JK 1.2.21 Web Server Connector released

The Apache Tomcat team is pleased to announce the immediate availability
of version 1.2.21 of the Apache Tomcat Connectors.

It contains connectors, which allow a web server such as Apache HTTPD,
Microsoft IIS and Sun Web Server to act as a front end to the Tomcat web
application server.

This version of mod_jk is principally a bug and security fix release. 
The following potential security flaw is addressed:

CVE-2007-0774:
Fix a buffer overflow in map_uri_to_worker().
URL longer that 4095 were crashing mod_jk. This could have allow
different kind of attacks. Reported by ZDI.
Please note this issue only
affected versions 1.2.19 and 1.2.20 of the Apache Tomcat JK Web Server
Connector and not previous versions.  Tomcat 5.5.20 and Tomcat 4.1.34
included a vulnerable version in their source packages.
Other versions of Tomcat were not affected.

See http://tomcat.apache.org/connectors-doc/miscellaneous/changelog.html
for a complete list of changes.

Source distribtions can be downloaded from an
Apache Software Foundation mirror at:

http://tomcat.apache.org/download-connectors.cgi

Binary distributions for a number of different operating systems and
web servers can be downloaded from an
Apache Software Foundation mirror at:

http://tomcat.apache.org/download-connectors.cgi

Documentation for using JK with Tomcat 3.3, 4.1, 5.0 and 5.5
can be found at:

http://tomcat.apache.org/connectors-doc/

Thank you,

-- The Apache Tomcat Team



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

Re: [ANN] Apache Tomcat JK 1.2.21 Web Server Connector released

Posted by "William L. Thomson Jr." <wl...@gentoo.org>.

On Fri, 2007-03-02 at 18:26 +0100, Mladen Turk wrote:
>
> Cool. I'll create Windows binaries as soon as
> the sources gets synced with mirrors.

Yeah that slowed me down a bit as well :)

Packaged and available on Gentoo in ~arch.

-- 
William L. Thomson Jr.
Gentoo/Java

Re: [ANN] Apache Tomcat JK 1.2.21 Web Server Connector released

Posted by Mladen Turk <mt...@apache.org>.

Jean-Frederic wrote:
> On Fri, 2007-03-02 at 17:34 +0100, Mladen Turk wrote:
>> Jean-Frederic wrote:
>>> Source distribtions can be downloaded from an
>>> Apache Software Foundation mirror at:
>>>
>>> http://tomcat.apache.org/download-connectors.cgi
>>>
>> Can you fix the files to 664 in www.apache.org/dist
>> for 1.2.21 ?
> 
> Done thanks
> 

Cool. I'll create Windows binaries as soon as
the sources gets synced with mirrors.

I propose we don't maintain the Apache 1.3
binaries for Win32 any more. Apache 2.0 and 2.2
binaries should be more then enough.

Regards,
Mladen.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

Re: [ANN] Apache Tomcat JK 1.2.21 Web Server Connector released

Posted by Jean-Frederic <jf...@gmail.com>.

On Fri, 2007-03-02 at 17:34 +0100, Mladen Turk wrote:
> Jean-Frederic wrote:
> > 
> > Source distribtions can be downloaded from an
> > Apache Software Foundation mirror at:
> > 
> > http://tomcat.apache.org/download-connectors.cgi
> >
> 
> Can you fix the files to 664 in www.apache.org/dist
> for 1.2.21 ?

Done thanks

Cheers

Jean-Frederic

> 
> Regards,
> Mladen.
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

Re: [ANN] Apache Tomcat JK 1.2.21 Web Server Connector released

Posted by Mladen Turk <mt...@apache.org>.

Jean-Frederic wrote:
> 
> Source distribtions can be downloaded from an
> Apache Software Foundation mirror at:
> 
> http://tomcat.apache.org/download-connectors.cgi
>

Can you fix the files to 664 in www.apache.org/dist
for 1.2.21 ?

Regards,
Mladen.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

Re: [ANN] Apache Tomcat JK 1.2.21 Web Server Connector released

Posted by Rainer Jung <ra...@kippdata.de>.

Looks like you are using JkRequestLogFormat. This adds a kind of access
log to the mod_jk log file. New versions of mod_jk are able to log all
intersting info directly to the access log, so there should be no need
for JkRequestLogFormat in general.

Drop JkRequestLogFormat and set JkLogLevel to error (or warn).

Actually info would be beter. Info produces lines you can ignore unless
there are warnings o errors, but then there is helpful additional
information to understand, why the error occured.

Regards,

Rainer

Sven Köhler schrieb:
>> The Apache Tomcat team is pleased to announce the immediate availability
>> of version 1.2.21 of the Apache Tomcat Connectors.
> 
> Thanks! I desperately waited for it! ;-)
> 
> 
> If i may ask a quick question:
> what's that log output in mod_jk.log, looking like this?
> 
> [Fri Mar 02 23:02:48 2007] worker1 www.jugendherberge.de 0.045109
> [Fri Mar 02 23:02:51 2007] worker1 www.jugendherberge.de 0.019886
> [Fri Mar 02 23:02:51 2007] worker1 www.jugendherberge.de 0.047229
> [Fri Mar 02 23:02:52 2007] worker1 www.jugendherberge.de 0.038092
> 
> 
> JkLogLevel is set to info.
> Also tried error.
> 
> Actually, if i had a wish, i'd like to have only error-messages in
> mod_jk.log.
> 
> 
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

Re: [ANN] Apache Tomcat JK 1.2.21 Web Server Connector released

Posted by Sven Köhler <sk...@upb.de>.

> The Apache Tomcat team is pleased to announce the immediate availability
> of version 1.2.21 of the Apache Tomcat Connectors.

Thanks! I desperately waited for it! ;-)


If i may ask a quick question:
what's that log output in mod_jk.log, looking like this?

[Fri Mar 02 23:02:48 2007] worker1 www.jugendherberge.de 0.045109
[Fri Mar 02 23:02:51 2007] worker1 www.jugendherberge.de 0.019886
[Fri Mar 02 23:02:51 2007] worker1 www.jugendherberge.de 0.047229
[Fri Mar 02 23:02:52 2007] worker1 www.jugendherberge.de 0.038092


JkLogLevel is set to info.
Also tried error.

Actually, if i had a wish, i'd like to have only error-messages in
mod_jk.log.

Re: [ANN] Apache Tomcat JK 1.2.21 Web Server Connector released

Posted by Guenter Knauf <fu...@apache.org>.

Hi,
> The Apache Tomcat team is pleased to announce the immediate availability
> of version 1.2.21 of the Apache Tomcat Connectors.
I've just uploaded NetWare binaries to my directory:
http://people.apache.org/~fuankg/mod_jk/1.2.21/
can please someone with commit rights copy them over to the release location - my commit rights got lost with the move to SVN; or can someone kindly tell me how I can receive again the needed rights?

> This version of mod_jk is principally a bug and security fix release.
> The following potential security flaw is addressed:
It seems to me that with recently introduced check its no longer possible to use mod_jk without worker.properties file - was this intended? From the ChangeLog it sounds more as if the parameter is checked for proper path if exist; but the behaviour is that the worker.properties file is now mandatory.

greets, Guenter.



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org