Posted to dev@tomcat.apache.org by ma...@apache.org on 2008/09/25 13:38:11 UTC
svn commit: r698929 -
/tomcat/container/branches/tc4.1.x/RELEASE-NOTES-4.1.txt
Author: markt
Date: Thu Sep 25 04:38:10 2008
New Revision: 698929
URL: http://svn.apache.org/viewvc?rev=698929&view=rev
Log:
Update release notes ready for 4.1.38
Modified:
tomcat/container/branches/tc4.1.x/RELEASE-NOTES-4.1.txt
Modified: tomcat/container/branches/tc4.1.x/RELEASE-NOTES-4.1.txt
URL: http://svn.apache.org/viewvc/tomcat/container/branches/tc4.1.x/RELEASE-NOTES-4.1.txt?rev=698929&r1=698928&r2=698929&view=diff
==============================================================================
--- tomcat/container/branches/tc4.1.x/RELEASE-NOTES-4.1.txt (original)
+++ tomcat/container/branches/tc4.1.x/RELEASE-NOTES-4.1.txt Thu Sep 25 04:38:10 2008
@@ -1736,6 +1736,10 @@
[4.1.38] #44562
HEAD requests failed with rd.include(). Patch provided by David Jencks.
+[4.1.38] Request Dispatcher
+ Extract the query string befire the URI is normalised.
+ This is CVE-2008-2370
+
----------------
Coyote Bug Fixes:
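Review bot: the added Request Dispatcher entry has a typo, "befire" should be "before" in "Extract the query string befire the URI is normalised." The same line spells "normalised" while the existing CoyoteConnector entry in this file uses "normalization"; pick one spelling. Since this entry records a security fix, a few words on what extracting the query string earlier prevents would help readers of the release notes judge whether they are affected, as the bare "This is CVE-2008-2370" line says nothing about impact.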
@@ -2005,10 +2009,15 @@
[4.1.38] CoyoteConnector
Add additional checks for URI normalization.
+ This is CVE-2008-2938
[4.1.38] CoyoteConnector
Remove JDK 1.4 dependency.
+[4.1.38] CoyoteConnector
+ Don't used custom status messages in HTTP headers.
+ This is CVE-2008-1232
+
----------------
Jasper Bug Fixes:
----------------
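Review bot: the new CoyoteConnector entry has a grammar error, "Don't used custom status messages in HTTP headers." should read "Don't use custom status messages in HTTP headers." The added "This is CVE-2008-2938" and "This is CVE-2008-1232" lines also end without a full stop while the description lines above them end with one; make the punctuation consistent. For the CVE-2008-2938 line, which is attached to the existing "Add additional checks for URI normalization." entry, consider saying which checks were added so the entry stands on its own.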
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org