You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2020/02/21 11:10:23 UTC

svn commit: r1874310 - in /tomcat/site/trunk: docs/findhelp.html docs/security-10.html docs/security.html xdocs/findhelp.xml xdocs/security-10.xml xdocs/security.xml

Author: markt
Date: Fri Feb 21 11:10:22 2020
New Revision: 1874310

URL: http://svn.apache.org/viewvc?rev=1874310&view=rev
Log:
Add Tomcat 10 to security and help pages

Added:
    tomcat/site/trunk/docs/security-10.html   (with props)
    tomcat/site/trunk/xdocs/security-10.xml   (with props)
Modified:
    tomcat/site/trunk/docs/findhelp.html
    tomcat/site/trunk/docs/security.html
    tomcat/site/trunk/xdocs/findhelp.xml
    tomcat/site/trunk/xdocs/security.xml

Modified: tomcat/site/trunk/docs/findhelp.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/findhelp.html?rev=1874310&r1=1874309&r2=1874310&view=diff
==============================================================================
--- tomcat/site/trunk/docs/findhelp.html (original)
+++ tomcat/site/trunk/docs/findhelp.html Fri Feb 21 11:10:22 2020
@@ -11,7 +11,7 @@ of help are presented in the same order
 <p>The first resource to check is the documentation. In addition to the Tomcat
 documentation (make sure you check the documentation for the version you are
 using) you should also check the relevant Servlet and/or JSP
-<a href="https://cwiki.apache.org/confluence/display/TOMCAT/Servlet+and+JSP+specifications">Specification</a>
+<a href="https://cwiki.apache.org/confluence/display/TOMCAT/Specifications">Specification</a>
 documents. Much of Tomcat's behaviour is determined by these specifications and
 the information in them is not typically duplicated in the Tomcat
 documentation.</p>

Added: tomcat/site/trunk/docs/security-10.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-10.html?rev=1874310&view=auto
==============================================================================
--- tomcat/site/trunk/docs/security-10.html (added)
+++ tomcat/site/trunk/docs/security-10.html Fri Feb 21 11:10:22 2020
@@ -0,0 +1,52 @@
+<!DOCTYPE html SYSTEM "about:legacy-compat">
+<html lang="en"><head><META http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link href="res/css/tomcat.css" rel="stylesheet" type="text/css"><link href="res/css/fonts/fonts.css" rel="stylesheet" type="text/css"><title>Apache Tomcat&reg; - Apache Tomcat 10 vulnerabilities</title><meta name="author" content="Apache Tomcat Project"></head><body><div id="wrapper"><header id="header"><div class="clearfix"><div class="menu-toggler pull-left" tabindex="1"><div class="hamburger"></div></div><a href="http://tomcat.apache.org/"><img class="tomcat-logo pull-left noPrint" alt="Tomcat Home" src="res/images/tomcat.png"></a><h1 class="pull-left">Apache Tomcat<sup>&reg;</sup></h1><div class="asf-logos pull-right"><a href="https://www.apache.org/foundation/contributing.html" target="_blank" class="pull-left"><img src="https://www.apache.org/images/SupportApache-small.png" class="support-asf" alt="Support Apache"></a><a 
 href="http://www.apache.org/" target="_blank" class="pull-left"><img src="res/images/asf_logo.svg" class="asf-logo" alt="The Apache Software Foundation"></a></div></div></header><main id="middle"><div><div id="mainLeft"><div id="nav-wrapper"><form action="https://www.google.com/search" method="get"><div class="searchbox"><input value="tomcat.apache.org" name="sitesearch" type="hidden"><input aria-label="Search text" placeholder="Search&hellip;" required="required" name="q" id="query" type="search"><button>GO</button></div></form><div class="asfevents"><a href="https://www.apache.org/events/current-event.html"><img src="https://www.apache.org/events/current-event-234x60.png" alt="Next ASF event"><br>
+              Save the date!
+            </a></div><nav><div><h2>Apache Tomcat</h2><ul><li><a href="./index.html">Home</a></li><li><a href="./taglibs.html">Taglibs</a></li><li><a href="./maven-plugin.html">Maven Plugin</a></li></ul></div><div><h2>Download</h2><ul><li><a href="./whichversion.html">Which version?</a></li><li><a href="https://tomcat.apache.org/download-90.cgi">Tomcat 9</a></li><li><a href="https://tomcat.apache.org/download-80.cgi">Tomcat 8</a></li><li><a href="https://tomcat.apache.org/download-70.cgi">Tomcat 7</a></li><li><a href="https://tomcat.apache.org/download-connectors.cgi">Tomcat Connectors</a></li><li><a href="https://tomcat.apache.org/download-native.cgi">Tomcat Native</a></li><li><a href="https://tomcat.apache.org/download-taglibs.cgi">Taglibs</a></li><li><a href="https://archive.apache.org/dist/tomcat/">Archives</a></li></ul></div><div><h2>Documentation</h2><ul><li><a href="./tomcat-9.0-doc/index.html">Tomcat 9.0</a></li><li><a href="./tomcat-8.5-doc/index.html">Tomcat 8.5</a></li><l
 i><a href="./tomcat-7.0-doc/index.html">Tomcat 7.0</a></li><li><a href="./connectors-doc/">Tomcat Connectors</a></li><li><a href="./native-doc/">Tomcat Native</a></li><li><a href="https://cwiki.apache.org/confluence/display/TOMCAT">Wiki</a></li><li><a href="./migration.html">Migration Guide</a></li><li><a href="./presentations.html">Presentations</a></li></ul></div><div><h2>Problems?</h2><ul><li><a href="./security.html">Security Reports</a></li><li><a href="./findhelp.html">Find help</a></li><li><a href="https://cwiki.apache.org/confluence/display/TOMCAT/FAQ">FAQ</a></li><li><a href="./lists.html">Mailing Lists</a></li><li><a href="./bugreport.html">Bug Database</a></li><li><a href="./irc.html">IRC</a></li></ul></div><div><h2>Get Involved</h2><ul><li><a href="./getinvolved.html">Overview</a></li><li><a href="./source.html">Source code</a></li><li><a href="./ci.html">Buildbot</a></li><li><a href="https://cwiki.apache.org/confluence/x/vIPzBQ">Translations</a></li><li><a href="./tools
 .html">Tools</a></li></ul></div><div><h2>Media</h2><ul><li><a href="https://twitter.com/theapachetomcat">Twitter</a></li><li><a href="https://www.youtube.com/c/ApacheTomcatOfficial">YouTube</a></li><li><a href="https://blogs.apache.org/tomcat/">Blog</a></li></ul></div><div><h2>Misc</h2><ul><li><a href="./whoweare.html">Who We Are</a></li><li><a href="https://www.redbubble.com/people/comdev/works/30885254-apache-tomcat">Swag</a></li><li><a href="./heritage.html">Heritage</a></li><li><a href="http://www.apache.org">Apache Home</a></li><li><a href="./resources.html">Resources</a></li><li><a href="./contact.html">Contact</a></li><li><a href="./legal.html">Legal</a></li><li><a href="https://www.apache.org/foundation/contributing.html">Support Apache</a></li><li><a href="https://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li><li><a href="http://www.apache.org/foundation/thanks.html">Thanks</a></li><li><a href="http://www.apache.org/licenses/">License</a></li></ul></div></
 nav></div></div><div id="mainRight"><div id="content"><h2 style="display: none;">Content</h2><h3 id="Table_of_Contents">Table of Contents</h3><div class="text">
+<ul><li><a href="#Apache_Tomcat_10.x_vulnerabilities">Apache Tomcat 10.x vulnerabilities</a></li><li><a href="#Fixed_in_Apache_Tomcat_10.0.x">Fixed in Apache Tomcat 10.0.x</a></li></ul>
+</div><h3 id="Apache_Tomcat_10.x_vulnerabilities">Apache Tomcat 10.x vulnerabilities</h3><div class="text">
+    <p>This page lists all security vulnerabilities fixed in released versions
+       of Apache Tomcat 10.x. Each vulnerability is given a
+       <a href="security-impact.html">security impact rating</a> by the Apache
+       Tomcat security team &mdash; please note that this rating may vary from
+       platform to platform. We also list the versions of Apache Tomcat the flaw
+       is known to affect, and where a flaw has not been verified list the
+       version with a question mark.</p>
+
+    <p><strong>Note:</strong> Vulnerabilities that are not Tomcat vulnerabilities
+       but have either been incorrectly reported against Tomcat or where Tomcat
+       provides a workaround are listed at the end of this page.</p>
+
+    <p>Please note that binary patches are never provided. If you need to
+       apply a source code patch, use the building instructions for the
+       Apache Tomcat version that you are using. For Tomcat 10.0 those are
+       <a href="/tomcat-10.0-doc/building.html"><code>building.html</code></a> and
+       <a href="/tomcat-10.0-doc/BUILDING.txt"><code>BUILDING.txt</code></a>.
+       Both files can be found in the <code>webapps/docs</code> subdirectory
+       of a binary distribution. You may also want to review the
+       <a href="/tomcat-10.0-doc/security-howto.html">Security Considerations</a>
+       page in the documentation.</p>
+
+    <p>If you need help on building or configuring Tomcat or other help on
+       following the instructions to mitigate the known vulnerabilities listed
+       here, please send your questions to the public
+       <a href="lists.html">Tomcat Users mailing list</a>
+    </p>
+
+    <p>If you have encountered an unlisted security vulnerability or other
+       unexpected behaviour that has <a href="security-impact.html">security
+       impact</a>, or if the descriptions here are incomplete,
+       please report them privately to the
+       <a href="security.html">Tomcat Security Team</a>. Thank you.
+    </p>
+
+  </div><h3 id="Fixed_in_Apache_Tomcat_10.0.x">Fixed in Apache Tomcat 10.0.x</h3><div class="text">
+
+    <p>There are currently no known vulnerabilities for Apache Tomcat 10.0.x</p>
+
+  </div></div></div></div></main><footer id="footer">
+    Copyright &copy; 1999-2020, The Apache Software Foundation
+    <br>
+    Apache Tomcat, Tomcat, Apache, the Apache feather, and the Apache Tomcat
+    project logo are either registered trademarks or trademarks of the Apache
+    Software Foundation.
+  </footer></div><script src="res/js/tomcat.js"></script></body></html>
\ No newline at end of file

Propchange: tomcat/site/trunk/docs/security-10.html
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: tomcat/site/trunk/docs/security.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security.html?rev=1874310&r1=1874309&r2=1874310&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security.html (original)
+++ tomcat/site/trunk/docs/security.html Fri Feb 21 11:10:22 2020
@@ -19,6 +19,8 @@
     <p>Lists of security problems fixed in released versions of Apache Tomcat
        are available:</p>
     <ul>
+      <li><a href="security-10.html">Apache Tomcat 10.x Security Vulnerabilities
+          </a></li>
       <li><a href="security-9.html">Apache Tomcat 9.x Security Vulnerabilities
           </a></li>
       <li><a href="security-8.html">Apache Tomcat 8.x Security Vulnerabilities

Modified: tomcat/site/trunk/xdocs/findhelp.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/findhelp.xml?rev=1874310&r1=1874309&r2=1874310&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/findhelp.xml (original)
+++ tomcat/site/trunk/xdocs/findhelp.xml Fri Feb 21 11:10:22 2020
@@ -17,7 +17,7 @@ of help are presented in the same order
 <p>The first resource to check is the documentation. In addition to the Tomcat
 documentation (make sure you check the documentation for the version you are
 using) you should also check the relevant Servlet and/or JSP
-<a href="https://cwiki.apache.org/confluence/display/TOMCAT/Servlet+and+JSP+specifications">Specification</a>
+<a href="https://cwiki.apache.org/confluence/display/TOMCAT/Specifications">Specification</a>
 documents. Much of Tomcat's behaviour is determined by these specifications and
 the information in them is not typically duplicated in the Tomcat
 documentation.</p>

Added: tomcat/site/trunk/xdocs/security-10.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-10.xml?rev=1874310&view=auto
==============================================================================
--- tomcat/site/trunk/xdocs/security-10.xml (added)
+++ tomcat/site/trunk/xdocs/security-10.xml Fri Feb 21 11:10:22 2020
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<document>
+
+  <properties>
+    <author>Apache Tomcat Project</author>
+    <title>Apache Tomcat 10 vulnerabilities</title>
+  </properties>
+
+<body>
+
+<section name="Table of Contents">
+<toc/>
+</section>
+
+  <section name="Apache Tomcat 10.x vulnerabilities">
+    <p>This page lists all security vulnerabilities fixed in released versions
+       of Apache Tomcat 10.x. Each vulnerability is given a
+       <a href="security-impact.html">security impact rating</a> by the Apache
+       Tomcat security team &#x2014; please note that this rating may vary from
+       platform to platform. We also list the versions of Apache Tomcat the flaw
+       is known to affect, and where a flaw has not been verified list the
+       version with a question mark.</p>
+
+    <p><strong>Note:</strong> Vulnerabilities that are not Tomcat vulnerabilities
+       but have either been incorrectly reported against Tomcat or where Tomcat
+       provides a workaround are listed at the end of this page.</p>
+
+    <p>Please note that binary patches are never provided. If you need to
+       apply a source code patch, use the building instructions for the
+       Apache Tomcat version that you are using. For Tomcat 10.0 those are
+       <a href="/tomcat-10.0-doc/building.html"><code>building.html</code></a> and
+       <a href="/tomcat-10.0-doc/BUILDING.txt"><code>BUILDING.txt</code></a>.
+       Both files can be found in the <code>webapps/docs</code> subdirectory
+       of a binary distribution. You may also want to review the
+       <a href="/tomcat-10.0-doc/security-howto.html">Security Considerations</a>
+       page in the documentation.</p>
+
+    <p>If you need help on building or configuring Tomcat or other help on
+       following the instructions to mitigate the known vulnerabilities listed
+       here, please send your questions to the public
+       <a href="lists.html">Tomcat Users mailing list</a>
+    </p>
+
+    <p>If you have encountered an unlisted security vulnerability or other
+       unexpected behaviour that has <a href="security-impact.html">security
+       impact</a>, or if the descriptions here are incomplete,
+       please report them privately to the
+       <a href="security.html">Tomcat Security Team</a>. Thank you.
+    </p>
+
+  </section>
+
+  <section name="Fixed in Apache Tomcat 10.0.x">
+
+    <p>There are currently no known vulnerabilities for Apache Tomcat 10.0.x</p>
+
+  </section>
+
+</body>
+</document>
+

Propchange: tomcat/site/trunk/xdocs/security-10.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: tomcat/site/trunk/xdocs/security.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security.xml?rev=1874310&r1=1874309&r2=1874310&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security.xml (original)
+++ tomcat/site/trunk/xdocs/security.xml Fri Feb 21 11:10:22 2020
@@ -25,6 +25,8 @@
     <p>Lists of security problems fixed in released versions of Apache Tomcat
        are available:</p>
     <ul>
+      <li><a href="security-10.html">Apache Tomcat 10.x Security Vulnerabilities
+          </a></li>
       <li><a href="security-9.html">Apache Tomcat 9.x Security Vulnerabilities
           </a></li>
       <li><a href="security-8.html">Apache Tomcat 8.x Security Vulnerabilities



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org