You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Brian McCallister <br...@frums.net> on 2002/12/05 17:16:37 UTC

mod_jk Vulnerability

In reference to the mod_jk 1.2 vulnerability listed on BugTraq earlier
today:
http://online.securityfocus.com/archive/1/302169/2002-12-02/2002-12-08/0http://online.securityfocus.com/archive/1/302169/2002-12-02/2002-12-08/0

I went to check my tomcat set up and was vastly surprised to find that
it appears I am running mod_jk 1.3 or 1.4! I find this vastly surprising
because it look slike 1.2.1 is the newest release.

I installed via rpm off of
http://jakarta.apache.org/builds/jakarta-tomcat-4.0/archives/v4.0.3/rpms/ which still lists the rpm's I used.

I gathered the info about the 1.2.1 being the newest release from
http://jakarta.apache.org/builds/jakarta-tomcat-connectors/jk/release/

Can anyone clarify things on the version numbers attached to the rpms?

Thanks,
Brian


--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>