You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Christopher Schultz <ch...@christopherschultz.net> on 2015/06/23 19:51:59 UTC
Time for a mod_jk release?
All,
There have been some questions lately on the users' list about a release
date for mod_jk which includes a fix for slash-collapsing.
http://svn.apache.org/viewvc?view=revision&revision=1647017
It's been a bit over a year since the last release, so it seems like
mod_jk is fairly stable other than this issue. Does anyone have time to
roll a release?
-chris
Re: Time for a mod_jk release?
Posted by Konstantin Kolinko <kn...@gmail.com>.
2015-07-16 16:31 GMT+03:00 Christopher Schultz <ch...@christopherschultz.net>:
> All,
>
> On 6/23/15 12:51 PM, Christopher Schultz wrote:
>> There have been some questions lately on the users' list about a release
>> date for mod_jk which includes a fix for slash-collapsing.
>>
>> http://svn.apache.org/viewvc?view=revision&revision=1647017
>>
>> It's been a bit over a year since the last release, so it seems like
>> mod_jk is fairly stable other than this issue. Does anyone have time to
>> roll a release?
>
> Bump. Another request on the users list for a version of mod_jk which
> resolves CVE-2014-8111.
How about doing a source-only release?
Previous version (1.2.40) was released on 2014-04-15
For reference:
~~~~~~~~~~~~
1) Setting release flag and tagging:
http://svn.apache.org/r1586618 (release flag)
http://svn.apache.org/r1586619 (tag)
http://svn.apache.org/r1586623 (drop tag)
http://svn.apache.org/r1586627 (last minute fix)
http://svn.apache.org/r1586629 (tag)
2) "VOTE] Release Apache Tomcat Connectors 1.2.40" thread (2014-04-11)
http://tomcat.markmail.org/thread/ephgvwqgepgdu3eo
http://mail-archives.apache.org/mod_mbox/tomcat-dev/201404.mbox/%3C5347EB5F.1030400%40apache.org%3E
3) Upload of artifacts after successful vote: (svn commit: r5032, 2014-04-14)
http://mail-archives.apache.org/mod_mbox/tomcat-dev/201404.mbox/%3C20140414194013.1556A23889EA%40eris.apache.org%3E
Looking at current artifacts:
~~~~~~~~~~~~~~~~~~~~~
There are
1) -src.zip, -src.tar.gz
2) binaries/netware/
- These are stale Version 1.2.32, January 2012.
3) binaries/windows/
- IIS 32-bit
- IIS 64-bit
- iPlanet 32-bit
- Apache HTTPD 2.0, 2.2 and 2.4 32-bit
- Apache HTTPD 2.4 64-bit
Personally, I have no use for the above binaries. I have no interest
in IIS and iPlanet.
For HTTPD I would prefer binaries from Apache Lounge [1]. They have
them in several flavors that match their releases of HTTPD, using
different MS Visual C++ runtimes (VC10, VC11, VC14).
Apache Lounge do not have HTTPD 2.2 binaries anymore [2] (they had
them a year ago). They do not provide downloads of old versions, only
the current ones are available [3].
Our (apache.org) binaries for HTTPD do not have any information about
what dependencies were used to create the build. I hope the libraries
were statically linked.
[1] http://www.apachelounge.com/download/
[2] http://www.apachelounge.com/viewtopic.php?t=6586
[3] http://www.apachelounge.com/viewtopic.php?t=6649#31076
Best regards,
Konstantin Kolinko
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: Time for a mod_jk release?
Posted by Christopher Schultz <ch...@christopherschultz.net>.
All,
On 6/23/15 12:51 PM, Christopher Schultz wrote:
> There have been some questions lately on the users' list about a release
> date for mod_jk which includes a fix for slash-collapsing.
>
> http://svn.apache.org/viewvc?view=revision&revision=1647017
>
> It's been a bit over a year since the last release, so it seems like
> mod_jk is fairly stable other than this issue. Does anyone have time to
> roll a release?
Bump. Another request on the users list for a version of mod_jk which
resolves CVE-2014-8111.
-chris