Posted to dev@tomcat.apache.org by ma...@apache.org on 2008/09/25 13:38:11 UTC

svn commit: r698929 - /tomcat/container/branches/tc4.1.x/RELEASE-NOTES-4.1.txt

Author: markt
Date: Thu Sep 25 04:38:10 2008
New Revision: 698929

URL: http://svn.apache.org/viewvc?rev=698929&view=rev
Log:
Update release notes ready for 4.1.38

Modified:
    tomcat/container/branches/tc4.1.x/RELEASE-NOTES-4.1.txt

Modified: tomcat/container/branches/tc4.1.x/RELEASE-NOTES-4.1.txt
URL: http://svn.apache.org/viewvc/tomcat/container/branches/tc4.1.x/RELEASE-NOTES-4.1.txt?rev=698929&r1=698928&r2=698929&view=diff
==============================================================================
--- tomcat/container/branches/tc4.1.x/RELEASE-NOTES-4.1.txt (original)
+++ tomcat/container/branches/tc4.1.x/RELEASE-NOTES-4.1.txt Thu Sep 25 04:38:10 2008
@@ -1736,6 +1736,10 @@
 [4.1.38] #44562
          HEAD requests failed with rd.include(). Patch provided by David Jencks.
 
+[4.1.38] Request Dispatcher
+         Extract the query string befire the URI is normalised.
+         This is CVE-2008-2370
+
 
 ----------------
 Coyote Bug Fixes:
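Review bot: Typo in the second line of the added Request Dispatcher entry: "befire" should be "before", giving "Extract the query string before the URI is normalised." The entry is also the only one in this hunk without a bug number or a short statement of the symptom (compare the #44562 entry just above it), so a clause saying what went wrong when the query string was extracted after normalisation would let readers judge the fix without looking up CVE-2008-2370.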
@@ -2005,10 +2009,15 @@
 
 [4.1.38] CoyoteConnector
          Add additional checks for URI normalization.
+         This is CVE-2008-2938
 
 [4.1.38] CoyoteConnector
          Remove JDK 1.4 dependency.
 
+[4.1.38] CoyoteConnector
+         Don't used custom status messages in HTTP headers.
+         This is CVE-2008-1232
+
 ----------------
 Jasper Bug Fixes:
 ----------------
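Review bot: Grammar in the last added CoyoteConnector entry: "Don't used custom status messages in HTTP headers." should read "Don't use custom status messages in HTTP headers." Both that entry and the "This is CVE-2008-2938" line appended to the existing URI normalization entry give only the identifier; a few words on the impact of each would let someone reading the release notes decide how urgent the 4.1.38 upgrade is. Consider a consistent marker for security fixes as well, since the three CVE entries in this patch are otherwise formatted like ordinary bug fixes.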


