Time for a mod_jk release?

[Christopher Schultz <ch...@christopherschultz.net>]

All,

There have been some questions lately on the users' list about a release
date for mod_jk which includes a fix for slash-collapsing.

http://svn.apache.org/viewvc?view=revision&revision=1647017

It's been a bit over a year since the last release, so it seems like
mod_jk is fairly stable other than this issue. Does anyone have time to
roll a release?

-chris

Re: Time for a mod_jk release?

[Konstantin Kolinko <kn...@gmail.com>]

2015-07-16 16:31 GMT+03:00 Christopher Schultz <ch...@christopherschultz.net>:
> All,
>
> On 6/23/15 12:51 PM, Christopher Schultz wrote:
>> There have been some questions lately on the users' list about a release
>> date for mod_jk which includes a fix for slash-collapsing.
>>
>> http://svn.apache.org/viewvc?view=revision&revision=1647017
>>
>> It's been a bit over a year since the last release, so it seems like
>> mod_jk is fairly stable other than this issue. Does anyone have time to
>> roll a release?
>
> Bump. Another request on the users list for a version of mod_jk which
> resolves CVE-2014-8111.

How about doing a source-only release?

Previous version (1.2.40) was released on 2014-04-15

For reference:
~~~~~~~~~~~~
1) Setting release flag and tagging:
http://svn.apache.org/r1586618  (release flag)
http://svn.apache.org/r1586619  (tag)
http://svn.apache.org/r1586623  (drop tag)
http://svn.apache.org/r1586627  (last minute fix)
http://svn.apache.org/r1586629  (tag)

2) "VOTE] Release Apache Tomcat Connectors 1.2.40" thread (2014-04-11)
http://tomcat.markmail.org/thread/ephgvwqgepgdu3eo
http://mail-archives.apache.org/mod_mbox/tomcat-dev/201404.mbox/%3C5347EB5F.1030400%40apache.org%3E

3) Upload of artifacts after successful vote: (svn commit: r5032, 2014-04-14)
http://mail-archives.apache.org/mod_mbox/tomcat-dev/201404.mbox/%3C20140414194013.1556A23889EA%40eris.apache.org%3E

Looking at current artifacts:
~~~~~~~~~~~~~~~~~~~~~
There are
1) -src.zip, -src.tar.gz
2) binaries/netware/

- These are stale Version 1.2.32, January 2012.

3) binaries/windows/

- IIS 32-bit
- IIS 64-bit
- iPlanet 32-bit
- Apache HTTPD 2.0, 2.2 and 2.4 32-bit
- Apache HTTPD 2.4 64-bit

Personally, I have no use for the above binaries. I have no interest
in IIS and iPlanet.


For HTTPD I would prefer binaries from Apache Lounge [1].  They have
them in several flavors that match their releases of HTTPD, using
different MS Visual C++ runtimes (VC10, VC11, VC14).

Apache Lounge do not have HTTPD 2.2 binaries anymore [2] (they had
them a year ago). They do not provide downloads of old versions, only
the current ones are available [3].

Our (apache.org) binaries for HTTPD do not have any information about
what dependencies were used to create the build. I hope the libraries
were statically linked.

[1] http://www.apachelounge.com/download/
[2] http://www.apachelounge.com/viewtopic.php?t=6586
[3] http://www.apachelounge.com/viewtopic.php?t=6649#31076


Best regards,
Konstantin Kolinko

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

Re: Time for a mod_jk release?

[Christopher Schultz <ch...@christopherschultz.net>]

All,

On 6/23/15 12:51 PM, Christopher Schultz wrote:
> There have been some questions lately on the users' list about a release
> date for mod_jk which includes a fix for slash-collapsing.
> 
> http://svn.apache.org/viewvc?view=revision&revision=1647017
> 
> It's been a bit over a year since the last release, so it seems like
> mod_jk is fairly stable other than this issue. Does anyone have time to
> roll a release?

Bump. Another request on the users list for a version of mod_jk which
resolves CVE-2014-8111.

-chris