You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by kk...@apache.org on 2011/10/14 12:41:28 UTC
svn commit: r1183288 - in /tomcat/site/trunk: docs/security-6.html
xdocs/security-6.xml
Author: kkolinko
Date: Fri Oct 14 10:41:28 2011
New Revision: 1183288
URL: http://svn.apache.org/viewvc?rev=1183288&view=rev
Log:
Update summary section on security-6.html page.
The pages for other Tomcat versions will be updated later.
Modified:
tomcat/site/trunk/docs/security-6.html
tomcat/site/trunk/xdocs/security-6.xml
Modified: tomcat/site/trunk/docs/security-6.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-6.html?rev=1183288&r1=1183287&r2=1183288&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-6.html (original)
+++ tomcat/site/trunk/docs/security-6.html Fri Oct 14 10:41:28 2011
@@ -264,19 +264,41 @@
<p>This page lists all security vulnerabilities fixed in released versions
of Apache Tomcat 6.x. Each vulnerability is given a
<a href="security-impact.html">security impact rating</a> by the Apache
- Tomcat security team - please note that this rating may vary from
+ Tomcat security team — please note that this rating may vary from
platform to platform. We also list the versions of Apache Tomcat the flaw
is known to affect, and where a flaw has not been verified list the
version with a question mark.</p>
-<p>Note: Vulnerabilities that are not Tomcat vulnerabilities but have either
- been incorrectly reported against Tomcat or where Tomcat provides a
- workaround are listed at the end of this page.</p>
+<p>
+<strong>Note:</strong> Vulnerabilities that are not Tomcat vulnerabilities
+ but have either been incorrectly reported against Tomcat or where Tomcat
+ provides a workaround are listed at the end of this page.</p>
+
+
+<p>Please note, that binary patches are never provided. If you need to
+ apply a source code patch, use the building instructions for the
+ Apache Tomcat version that you are using. For Tomcat 6.0 those are
+ <a href="/tomcat-6.0-doc/building.html"><code>building.html</code></a> and
+ <a href="/tomcat-6.0-doc/BUILDING.txt"><code>BUILDING.txt</code></a>.
+ Both files can be found in the <code>webapps/docs</code> subdirectory
+ of a binary distributive.</p>
+
+
+<p>If you need help on building or configuring Tomcat or other help on
+ following the instructions to mitigate the known vulnerabilities listed
+ here, please send your questions to the public
+ <a href="lists.html">Tomcat Users mailing list</a>
+
+</p>
-<p>Please send comments or corrections for these vulnerabilities to the
- <a href="mailto:security@tomcat.apache.org">Tomcat Security Team</a>.</p>
+<p>If you have encountered an unlisted security vulnerability or other
+ unexpected behaviour that has <a href="security-impact.html">security
+ impact</a>, or if the descriptions here are incomplete,
+ please report them privately to the
+ <a href="security.html">Tomcat Security Team</a>. Thank you.
+ </p>
</blockquote>
Modified: tomcat/site/trunk/xdocs/security-6.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-6.xml?rev=1183288&r1=1183287&r2=1183288&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-6.xml (original)
+++ tomcat/site/trunk/xdocs/security-6.xml Fri Oct 14 10:41:28 2011
@@ -16,17 +16,35 @@
<p>This page lists all security vulnerabilities fixed in released versions
of Apache Tomcat 6.x. Each vulnerability is given a
<a href="security-impact.html">security impact rating</a> by the Apache
- Tomcat security team - please note that this rating may vary from
+ Tomcat security team — please note that this rating may vary from
platform to platform. We also list the versions of Apache Tomcat the flaw
is known to affect, and where a flaw has not been verified list the
version with a question mark.</p>
- <p>Note: Vulnerabilities that are not Tomcat vulnerabilities but have either
- been incorrectly reported against Tomcat or where Tomcat provides a
- workaround are listed at the end of this page.</p>
+ <p><strong>Note:</strong> Vulnerabilities that are not Tomcat vulnerabilities
+ but have either been incorrectly reported against Tomcat or where Tomcat
+ provides a workaround are listed at the end of this page.</p>
+
+ <p>Please note, that binary patches are never provided. If you need to
+ apply a source code patch, use the building instructions for the
+ Apache Tomcat version that you are using. For Tomcat 6.0 those are
+ <a href="/tomcat-6.0-doc/building.html"><code>building.html</code></a> and
+ <a href="/tomcat-6.0-doc/BUILDING.txt"><code>BUILDING.txt</code></a>.
+ Both files can be found in the <code>webapps/docs</code> subdirectory
+ of a binary distributive.</p>
+
+ <p>If you need help on building or configuring Tomcat or other help on
+ following the instructions to mitigate the known vulnerabilities listed
+ here, please send your questions to the public
+ <a href="lists.html">Tomcat Users mailing list</a>
+ </p>
- <p>Please send comments or corrections for these vulnerabilities to the
- <a href="mailto:security@tomcat.apache.org">Tomcat Security Team</a>.</p>
+ <p>If you have encountered an unlisted security vulnerability or other
+ unexpected behaviour that has <a href="security-impact.html">security
+ impact</a>, or if the descriptions here are incomplete,
+ please report them privately to the
+ <a href="security.html">Tomcat Security Team</a>. Thank you.
+ </p>
</section>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org