You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2020/02/21 11:10:23 UTC
svn commit: r1874310 - in /tomcat/site/trunk: docs/findhelp.html
docs/security-10.html docs/security.html xdocs/findhelp.xml
xdocs/security-10.xml xdocs/security.xml
Author: markt
Date: Fri Feb 21 11:10:22 2020
New Revision: 1874310
URL: http://svn.apache.org/viewvc?rev=1874310&view=rev
Log:
Add Tomcat 10 to security and help pages
Added:
tomcat/site/trunk/docs/security-10.html (with props)
tomcat/site/trunk/xdocs/security-10.xml (with props)
Modified:
tomcat/site/trunk/docs/findhelp.html
tomcat/site/trunk/docs/security.html
tomcat/site/trunk/xdocs/findhelp.xml
tomcat/site/trunk/xdocs/security.xml
Modified: tomcat/site/trunk/docs/findhelp.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/findhelp.html?rev=1874310&r1=1874309&r2=1874310&view=diff
==============================================================================
--- tomcat/site/trunk/docs/findhelp.html (original)
+++ tomcat/site/trunk/docs/findhelp.html Fri Feb 21 11:10:22 2020
@@ -11,7 +11,7 @@ of help are presented in the same order
<p>The first resource to check is the documentation. In addition to the Tomcat
documentation (make sure you check the documentation for the version you are
using) you should also check the relevant Servlet and/or JSP
-<a href="https://cwiki.apache.org/confluence/display/TOMCAT/Servlet+and+JSP+specifications">Specification</a>
+<a href="https://cwiki.apache.org/confluence/display/TOMCAT/Specifications">Specification</a>
documents. Much of Tomcat's behaviour is determined by these specifications and
the information in them is not typically duplicated in the Tomcat
documentation.</p>
Added: tomcat/site/trunk/docs/security-10.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-10.html?rev=1874310&view=auto
==============================================================================
--- tomcat/site/trunk/docs/security-10.html (added)
+++ tomcat/site/trunk/docs/security-10.html Fri Feb 21 11:10:22 2020
@@ -0,0 +1,52 @@
+<!DOCTYPE html SYSTEM "about:legacy-compat">
+<html lang="en"><head><META http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link href="res/css/tomcat.css" rel="stylesheet" type="text/css"><link href="res/css/fonts/fonts.css" rel="stylesheet" type="text/css"><title>Apache Tomcat® - Apache Tomcat 10 vulnerabilities</title><meta name="author" content="Apache Tomcat Project"></head><body><div id="wrapper"><header id="header"><div class="clearfix"><div class="menu-toggler pull-left" tabindex="1"><div class="hamburger"></div></div><a href="http://tomcat.apache.org/"><img class="tomcat-logo pull-left noPrint" alt="Tomcat Home" src="res/images/tomcat.png"></a><h1 class="pull-left">Apache Tomcat<sup>®</sup></h1><div class="asf-logos pull-right"><a href="https://www.apache.org/foundation/contributing.html" target="_blank" class="pull-left"><img src="https://www.apache.org/images/SupportApache-small.png" class="support-asf" alt="Support Apache"></a><a
href="http://www.apache.org/" target="_blank" class="pull-left"><img src="res/images/asf_logo.svg" class="asf-logo" alt="The Apache Software Foundation"></a></div></div></header><main id="middle"><div><div id="mainLeft"><div id="nav-wrapper"><form action="https://www.google.com/search" method="get"><div class="searchbox"><input value="tomcat.apache.org" name="sitesearch" type="hidden"><input aria-label="Search text" placeholder="Search…" required="required" name="q" id="query" type="search"><button>GO</button></div></form><div class="asfevents"><a href="https://www.apache.org/events/current-event.html"><img src="https://www.apache.org/events/current-event-234x60.png" alt="Next ASF event"><br>
+ Save the date!
+ </a></div><nav><div><h2>Apache Tomcat</h2><ul><li><a href="./index.html">Home</a></li><li><a href="./taglibs.html">Taglibs</a></li><li><a href="./maven-plugin.html">Maven Plugin</a></li></ul></div><div><h2>Download</h2><ul><li><a href="./whichversion.html">Which version?</a></li><li><a href="https://tomcat.apache.org/download-90.cgi">Tomcat 9</a></li><li><a href="https://tomcat.apache.org/download-80.cgi">Tomcat 8</a></li><li><a href="https://tomcat.apache.org/download-70.cgi">Tomcat 7</a></li><li><a href="https://tomcat.apache.org/download-connectors.cgi">Tomcat Connectors</a></li><li><a href="https://tomcat.apache.org/download-native.cgi">Tomcat Native</a></li><li><a href="https://tomcat.apache.org/download-taglibs.cgi">Taglibs</a></li><li><a href="https://archive.apache.org/dist/tomcat/">Archives</a></li></ul></div><div><h2>Documentation</h2><ul><li><a href="./tomcat-9.0-doc/index.html">Tomcat 9.0</a></li><li><a href="./tomcat-8.5-doc/index.html">Tomcat 8.5</a></li><l
i><a href="./tomcat-7.0-doc/index.html">Tomcat 7.0</a></li><li><a href="./connectors-doc/">Tomcat Connectors</a></li><li><a href="./native-doc/">Tomcat Native</a></li><li><a href="https://cwiki.apache.org/confluence/display/TOMCAT">Wiki</a></li><li><a href="./migration.html">Migration Guide</a></li><li><a href="./presentations.html">Presentations</a></li></ul></div><div><h2>Problems?</h2><ul><li><a href="./security.html">Security Reports</a></li><li><a href="./findhelp.html">Find help</a></li><li><a href="https://cwiki.apache.org/confluence/display/TOMCAT/FAQ">FAQ</a></li><li><a href="./lists.html">Mailing Lists</a></li><li><a href="./bugreport.html">Bug Database</a></li><li><a href="./irc.html">IRC</a></li></ul></div><div><h2>Get Involved</h2><ul><li><a href="./getinvolved.html">Overview</a></li><li><a href="./source.html">Source code</a></li><li><a href="./ci.html">Buildbot</a></li><li><a href="https://cwiki.apache.org/confluence/x/vIPzBQ">Translations</a></li><li><a href="./tools
.html">Tools</a></li></ul></div><div><h2>Media</h2><ul><li><a href="https://twitter.com/theapachetomcat">Twitter</a></li><li><a href="https://www.youtube.com/c/ApacheTomcatOfficial">YouTube</a></li><li><a href="https://blogs.apache.org/tomcat/">Blog</a></li></ul></div><div><h2>Misc</h2><ul><li><a href="./whoweare.html">Who We Are</a></li><li><a href="https://www.redbubble.com/people/comdev/works/30885254-apache-tomcat">Swag</a></li><li><a href="./heritage.html">Heritage</a></li><li><a href="http://www.apache.org">Apache Home</a></li><li><a href="./resources.html">Resources</a></li><li><a href="./contact.html">Contact</a></li><li><a href="./legal.html">Legal</a></li><li><a href="https://www.apache.org/foundation/contributing.html">Support Apache</a></li><li><a href="https://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li><li><a href="http://www.apache.org/foundation/thanks.html">Thanks</a></li><li><a href="http://www.apache.org/licenses/">License</a></li></ul></div></
nav></div></div><div id="mainRight"><div id="content"><h2 style="display: none;">Content</h2><h3 id="Table_of_Contents">Table of Contents</h3><div class="text">
+<ul><li><a href="#Apache_Tomcat_10.x_vulnerabilities">Apache Tomcat 10.x vulnerabilities</a></li><li><a href="#Fixed_in_Apache_Tomcat_10.0.x">Fixed in Apache Tomcat 10.0.x</a></li></ul>
+</div><h3 id="Apache_Tomcat_10.x_vulnerabilities">Apache Tomcat 10.x vulnerabilities</h3><div class="text">
+ <p>This page lists all security vulnerabilities fixed in released versions
+ of Apache Tomcat 10.x. Each vulnerability is given a
+ <a href="security-impact.html">security impact rating</a> by the Apache
+ Tomcat security team — please note that this rating may vary from
+ platform to platform. We also list the versions of Apache Tomcat the flaw
+ is known to affect, and where a flaw has not been verified list the
+ version with a question mark.</p>
+
+ <p><strong>Note:</strong> Vulnerabilities that are not Tomcat vulnerabilities
+ but have either been incorrectly reported against Tomcat or where Tomcat
+ provides a workaround are listed at the end of this page.</p>
+
+ <p>Please note that binary patches are never provided. If you need to
+ apply a source code patch, use the building instructions for the
+ Apache Tomcat version that you are using. For Tomcat 10.0 those are
+ <a href="/tomcat-10.0-doc/building.html"><code>building.html</code></a> and
+ <a href="/tomcat-10.0-doc/BUILDING.txt"><code>BUILDING.txt</code></a>.
+ Both files can be found in the <code>webapps/docs</code> subdirectory
+ of a binary distribution. You may also want to review the
+ <a href="/tomcat-10.0-doc/security-howto.html">Security Considerations</a>
+ page in the documentation.</p>
+
+ <p>If you need help on building or configuring Tomcat or other help on
+ following the instructions to mitigate the known vulnerabilities listed
+ here, please send your questions to the public
+ <a href="lists.html">Tomcat Users mailing list</a>
+ </p>
+
+ <p>If you have encountered an unlisted security vulnerability or other
+ unexpected behaviour that has <a href="security-impact.html">security
+ impact</a>, or if the descriptions here are incomplete,
+ please report them privately to the
+ <a href="security.html">Tomcat Security Team</a>. Thank you.
+ </p>
+
+ </div><h3 id="Fixed_in_Apache_Tomcat_10.0.x">Fixed in Apache Tomcat 10.0.x</h3><div class="text">
+
+ <p>There are currently no known vulnerabilities for Apache Tomcat 10.0.x</p>
+
+ </div></div></div></div></main><footer id="footer">
+ Copyright © 1999-2020, The Apache Software Foundation
+ <br>
+ Apache Tomcat, Tomcat, Apache, the Apache feather, and the Apache Tomcat
+ project logo are either registered trademarks or trademarks of the Apache
+ Software Foundation.
+ </footer></div><script src="res/js/tomcat.js"></script></body></html>
\ No newline at end of file
Propchange: tomcat/site/trunk/docs/security-10.html
------------------------------------------------------------------------------
svn:eol-style = native
Modified: tomcat/site/trunk/docs/security.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security.html?rev=1874310&r1=1874309&r2=1874310&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security.html (original)
+++ tomcat/site/trunk/docs/security.html Fri Feb 21 11:10:22 2020
@@ -19,6 +19,8 @@
<p>Lists of security problems fixed in released versions of Apache Tomcat
are available:</p>
<ul>
+ <li><a href="security-10.html">Apache Tomcat 10.x Security Vulnerabilities
+ </a></li>
<li><a href="security-9.html">Apache Tomcat 9.x Security Vulnerabilities
</a></li>
<li><a href="security-8.html">Apache Tomcat 8.x Security Vulnerabilities
Modified: tomcat/site/trunk/xdocs/findhelp.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/findhelp.xml?rev=1874310&r1=1874309&r2=1874310&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/findhelp.xml (original)
+++ tomcat/site/trunk/xdocs/findhelp.xml Fri Feb 21 11:10:22 2020
@@ -17,7 +17,7 @@ of help are presented in the same order
<p>The first resource to check is the documentation. In addition to the Tomcat
documentation (make sure you check the documentation for the version you are
using) you should also check the relevant Servlet and/or JSP
-<a href="https://cwiki.apache.org/confluence/display/TOMCAT/Servlet+and+JSP+specifications">Specification</a>
+<a href="https://cwiki.apache.org/confluence/display/TOMCAT/Specifications">Specification</a>
documents. Much of Tomcat's behaviour is determined by these specifications and
the information in them is not typically duplicated in the Tomcat
documentation.</p>
Added: tomcat/site/trunk/xdocs/security-10.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-10.xml?rev=1874310&view=auto
==============================================================================
--- tomcat/site/trunk/xdocs/security-10.xml (added)
+++ tomcat/site/trunk/xdocs/security-10.xml Fri Feb 21 11:10:22 2020
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<document>
+
+ <properties>
+ <author>Apache Tomcat Project</author>
+ <title>Apache Tomcat 10 vulnerabilities</title>
+ </properties>
+
+<body>
+
+<section name="Table of Contents">
+<toc/>
+</section>
+
+ <section name="Apache Tomcat 10.x vulnerabilities">
+ <p>This page lists all security vulnerabilities fixed in released versions
+ of Apache Tomcat 10.x. Each vulnerability is given a
+ <a href="security-impact.html">security impact rating</a> by the Apache
+ Tomcat security team — please note that this rating may vary from
+ platform to platform. We also list the versions of Apache Tomcat the flaw
+ is known to affect, and where a flaw has not been verified list the
+ version with a question mark.</p>
+
+ <p><strong>Note:</strong> Vulnerabilities that are not Tomcat vulnerabilities
+ but have either been incorrectly reported against Tomcat or where Tomcat
+ provides a workaround are listed at the end of this page.</p>
+
+ <p>Please note that binary patches are never provided. If you need to
+ apply a source code patch, use the building instructions for the
+ Apache Tomcat version that you are using. For Tomcat 10.0 those are
+ <a href="/tomcat-10.0-doc/building.html"><code>building.html</code></a> and
+ <a href="/tomcat-10.0-doc/BUILDING.txt"><code>BUILDING.txt</code></a>.
+ Both files can be found in the <code>webapps/docs</code> subdirectory
+ of a binary distribution. You may also want to review the
+ <a href="/tomcat-10.0-doc/security-howto.html">Security Considerations</a>
+ page in the documentation.</p>
+
+ <p>If you need help on building or configuring Tomcat or other help on
+ following the instructions to mitigate the known vulnerabilities listed
+ here, please send your questions to the public
+ <a href="lists.html">Tomcat Users mailing list</a>
+ </p>
+
+ <p>If you have encountered an unlisted security vulnerability or other
+ unexpected behaviour that has <a href="security-impact.html">security
+ impact</a>, or if the descriptions here are incomplete,
+ please report them privately to the
+ <a href="security.html">Tomcat Security Team</a>. Thank you.
+ </p>
+
+ </section>
+
+ <section name="Fixed in Apache Tomcat 10.0.x">
+
+ <p>There are currently no known vulnerabilities for Apache Tomcat 10.0.x</p>
+
+ </section>
+
+</body>
+</document>
+
Propchange: tomcat/site/trunk/xdocs/security-10.xml
------------------------------------------------------------------------------
svn:eol-style = native
Modified: tomcat/site/trunk/xdocs/security.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security.xml?rev=1874310&r1=1874309&r2=1874310&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security.xml (original)
+++ tomcat/site/trunk/xdocs/security.xml Fri Feb 21 11:10:22 2020
@@ -25,6 +25,8 @@
<p>Lists of security problems fixed in released versions of Apache Tomcat
are available:</p>
<ul>
+ <li><a href="security-10.html">Apache Tomcat 10.x Security Vulnerabilities
+ </a></li>
<li><a href="security-9.html">Apache Tomcat 9.x Security Vulnerabilities
</a></li>
<li><a href="security-8.html">Apache Tomcat 8.x Security Vulnerabilities
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org