You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Filip Hanik - Dev Lists <de...@hanik.com> on 2007/09/08 17:14:54 UTC
[ANN] Apache Tomcat 5.5.25 released
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 5.5.25 stable.
Apache Tomcat 5.5.25 incorporates numerous security updates and bug fixes.
Please refer to the change log for the list of changes:
http://tomcat.apache.org/tomcat-5.5-doc/changelog.html
Downloads:
http://tomcat.apache.org/download-55.cgi
Thank you,
-- The Apache Tomcat Team
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.446 / Virus Database: 268.18.4/705 - Release Date:
2/27/2007 3:24 PM
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: [ANN] Apache Tomcat 5.5.25 released
Posted by Mark Thomas <ma...@apache.org>.
Timothy Wonil Lee wrote:
> I am especially interested in those two session hijacking vulnerability
> fixes. Are they included in 5.5.25?
Yes.
> Second question is: if they are fixed in 5.5.25, is it possible to just drop
> in the Jar files (catalina.jar?) to the current production Tomcat server/lib
> (it's 5.5.23) to apply the security fixes?
It *might* appear to work but this is a very risky approach.
> (I guess i'd have to restart Tomcat still)
If you did this, yes you'd have to restart Tomcat
> Or must I re-install the whole package?
This is by far the better option.
Mark
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: [ANN] Apache Tomcat 5.5.25 released
Posted by Timothy Wonil Lee <ti...@koorong.com.au>.
I have two questions regarding security fixes included in 5.5.25
On changelog page (http://tomcat.apache.org/tomcat-5.5-doc/changelog.html),
two security fixes are included: Fix XSS security vulnerability
(CVE-2007-2450) and Fix XSS security vulnerabilities (CVE-2007-2449)
But on Security Reports page(http://tomcat.apache.org/security-5.html),
three more vulnerabilities are reported as fixed (in 5.5 HEAD): Session
hi-jacking CVE-2007-3382, Session hi-jacking CVE-2007-3385, and
Cross-site scripting CVE-2007-3386.
I am especially interested in those two session hijacking vulnerability
fixes. Are they included in 5.5.25?
Second question is: if they are fixed in 5.5.25, is it possible to just drop
in the Jar files (catalina.jar?) to the current production Tomcat server/lib
(it's 5.5.23) to apply the security fixes? (I guess i'd have to restart
Tomcat still) Or must I re-install the whole package?
Thanks for help in advance.
Timothy Wonil Lee
Java Developer
Koorong Books
email: timothyl@koorong.com
direct ph: (+612) 9857 4448
direct fax: (+612) 9857 6648
http://www.google.com/reader/shared/16849249410805339619
http://timundergod.blogspot.com/
-----Original Message-----
From: Filip Hanik - Dev Lists [mailto:devlists@hanik.com]
Sent: Sunday, 9 September 2007 4:08 AM
To: Tomcat Users List
Cc: Tomcat Developers List
Subject: Re: [ANN] Apache Tomcat 5.5.25 released
Thanks, it's underway, syncing to mirrors as we speak
Filip
RuiXian BAO wrote:
> On 9/8/07, Filip Hanik - Dev Lists <de...@hanik.com> wrote:
>
>> The Apache Tomcat team announces the immediate availability of Apache
>> Tomcat 5.5.25 stable.
>>
>> Apache Tomcat 5.5.25 incorporates numerous security updates and bug
fixes.
>> Please refer to the change log for the list of changes:
>> http://tomcat.apache.org/tomcat-5.5-doc/changelog.html
>>
>
>
> Thanks, but the above page does not contain the 5.5.25 release change
yet:)
>
> Best
>
> - RuiXian
>
> Downloads:
>
>> http://tomcat.apache.org/download-55.cgi
>>
>> Thank you,
>>
>> -- The Apache Tomcat Team
>>
>> ---------------------------------------------------------------------
>> To start a new topic, e-mail: users@tomcat.apache.org
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>>
>> --
>> No virus found in this incoming message.
>> Checked by AVG Free Edition.
>> Version: 7.5.446 / Virus Database: 268.18.4/705 - Release Date:
>> 2/27/2007 3:24 PM
>>
>>
>>
>> ---------------------------------------------------------------------
>> To start a new topic, e-mail: users@tomcat.apache.org
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>>
>
>
> ------------------------------------------------------------------------
>
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.5.485 / Virus Database: 269.13.9/994 - Release Date: 9/7/2007
4:40 PM
>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
!DSPAM:46e2e52b43091562027968!
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: [ANN] Apache Tomcat 5.5.25 released
Posted by Filip Hanik - Dev Lists <de...@hanik.com>.
Thanks, it's underway, syncing to mirrors as we speak
Filip
RuiXian BAO wrote:
> On 9/8/07, Filip Hanik - Dev Lists <de...@hanik.com> wrote:
>
>> The Apache Tomcat team announces the immediate availability of Apache
>> Tomcat 5.5.25 stable.
>>
>> Apache Tomcat 5.5.25 incorporates numerous security updates and bug fixes.
>> Please refer to the change log for the list of changes:
>> http://tomcat.apache.org/tomcat-5.5-doc/changelog.html
>>
>
>
> Thanks, but the above page does not contain the 5.5.25 release change yet:)
>
> Best
>
> - RuiXian
>
> Downloads:
>
>> http://tomcat.apache.org/download-55.cgi
>>
>> Thank you,
>>
>> -- The Apache Tomcat Team
>>
>> ---------------------------------------------------------------------
>> To start a new topic, e-mail: users@tomcat.apache.org
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>>
>> --
>> No virus found in this incoming message.
>> Checked by AVG Free Edition.
>> Version: 7.5.446 / Virus Database: 268.18.4/705 - Release Date:
>> 2/27/2007 3:24 PM
>>
>>
>>
>> ---------------------------------------------------------------------
>> To start a new topic, e-mail: users@tomcat.apache.org
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>>
>
>
> ------------------------------------------------------------------------
>
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.5.485 / Virus Database: 269.13.9/994 - Release Date: 9/7/2007 4:40 PM
>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: [ANN] Apache Tomcat 5.5.25 released
Posted by Filip Hanik - Dev Lists <de...@hanik.com>.
Thanks, it's underway, syncing to mirrors as we speak
Filip
RuiXian BAO wrote:
> On 9/8/07, Filip Hanik - Dev Lists <de...@hanik.com> wrote:
>
>> The Apache Tomcat team announces the immediate availability of Apache
>> Tomcat 5.5.25 stable.
>>
>> Apache Tomcat 5.5.25 incorporates numerous security updates and bug fixes.
>> Please refer to the change log for the list of changes:
>> http://tomcat.apache.org/tomcat-5.5-doc/changelog.html
>>
>
>
> Thanks, but the above page does not contain the 5.5.25 release change yet:)
>
> Best
>
> - RuiXian
>
> Downloads:
>
>> http://tomcat.apache.org/download-55.cgi
>>
>> Thank you,
>>
>> -- The Apache Tomcat Team
>>
>> ---------------------------------------------------------------------
>> To start a new topic, e-mail: users@tomcat.apache.org
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>>
>> --
>> No virus found in this incoming message.
>> Checked by AVG Free Edition.
>> Version: 7.5.446 / Virus Database: 268.18.4/705 - Release Date:
>> 2/27/2007 3:24 PM
>>
>>
>>
>> ---------------------------------------------------------------------
>> To start a new topic, e-mail: users@tomcat.apache.org
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>>
>
>
> ------------------------------------------------------------------------
>
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.5.485 / Virus Database: 269.13.9/994 - Release Date: 9/7/2007 4:40 PM
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: [ANN] Apache Tomcat 5.5.25 released
Posted by RuiXian BAO <ru...@gmail.com>.
On 9/8/07, Filip Hanik - Dev Lists <de...@hanik.com> wrote:
>
> The Apache Tomcat team announces the immediate availability of Apache
> Tomcat 5.5.25 stable.
>
> Apache Tomcat 5.5.25 incorporates numerous security updates and bug fixes.
> Please refer to the change log for the list of changes:
> http://tomcat.apache.org/tomcat-5.5-doc/changelog.html
Thanks, but the above page does not contain the 5.5.25 release change yet:)
Best
- RuiXian
Downloads:
> http://tomcat.apache.org/download-55.cgi
>
> Thank you,
>
> -- The Apache Tomcat Team
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
>
> --
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.5.446 / Virus Database: 268.18.4/705 - Release Date:
> 2/27/2007 3:24 PM
>
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>