On Mon, Jun 30, 2008 at 10:48:16PM -0400, Alex Mizrahi wrote: > Package: libapache2-mod-jk > Version: 1:1.2.18-3etch1 > Severity: important > > after update to 1.2.18-3etch1 (not sure about that), > mod_jk stopped using URL produced by mod_rewrite, but > used original URL instead. upgrading to a version > from backports fixed the problem. > > relevant piece of config: > JkMount /we-tag/servlet/* ajp13 > > RewriteEngine on > RewriteRule ^/api/(\w+)/?$ /we-tag/servlet/LspExec?action=$1 [PT,QSA]
This was a default behavior change in the package due to a fix for CVE 2007-1860 [1]. Upstream also has made this change and documented that. I close this bug as its expected behavior. Cheers, Michael [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1860 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
