20070301.xml

rjung Thu, 17 May 2007 22:43:11 -0700

Author: rjung
Date: Thu May 17 22:42:49 2007
New Revision: 539263

URL: http://svn.apache.org/viewvc?view=rev&rev=539263
Log:
Prepare release of JK 1.2.23.


Modified:
    tomcat/connectors/branches/other/JK_1_2_23/jk/native/STATUS.txt
    tomcat/connectors/branches/other/JK_1_2_23/jk/native/common/jk_version.h
    
tomcat/connectors/branches/other/JK_1_2_23/jk/native/common/portable.h.sample
    tomcat/connectors/branches/other/JK_1_2_23/jk/native/configure.in
    tomcat/connectors/branches/other/JK_1_2_23/jk/xdocs/index.xml
    tomcat/connectors/branches/other/JK_1_2_23/jk/xdocs/news/20070301.xml

Modified: tomcat/connectors/branches/other/JK_1_2_23/jk/native/STATUS.txt
URL: 
http://svn.apache.org/viewvc/tomcat/connectors/branches/other/JK_1_2_23/jk/native/STATUS.txt?view=diff&rev=539263&r1=539262&r2=539263
==============================================================================
--- tomcat/connectors/branches/other/JK_1_2_23/jk/native/STATUS.txt (original)
+++ tomcat/connectors/branches/other/JK_1_2_23/jk/native/STATUS.txt Thu May 17 
22:42:49 2007
@@ -3,7 +3,7 @@
 
 Release:
 
-    1.2.23  : in development
+    1.2.23  : released May 18, 2007
     1.2.22  : released April 17, 2007
     1.2.21  : released March 1, 2007
     1.2.20  : released December 10, 2006

Modified: 
tomcat/connectors/branches/other/JK_1_2_23/jk/native/common/jk_version.h
URL: 
http://svn.apache.org/viewvc/tomcat/connectors/branches/other/JK_1_2_23/jk/native/common/jk_version.h?view=diff&rev=539263&r1=539262&r2=539263
==============================================================================
--- tomcat/connectors/branches/other/JK_1_2_23/jk/native/common/jk_version.h 
(original)
+++ tomcat/connectors/branches/other/JK_1_2_23/jk/native/common/jk_version.h 
Thu May 17 22:42:49 2007
@@ -33,7 +33,7 @@
 #define JK_VERBETA      0
 #define JK_BETASTRING   "0"
 /* set JK_VERISRELEASE to 1 when release (do not forget to commit!) */
-#define JK_VERISRELEASE 0
+#define JK_VERISRELEASE 1
 #define JK_VERRC        0
 #define JK_RCSTRING     "0"
 

Modified: 
tomcat/connectors/branches/other/JK_1_2_23/jk/native/common/portable.h.sample
URL: 
http://svn.apache.org/viewvc/tomcat/connectors/branches/other/JK_1_2_23/jk/native/common/portable.h.sample?view=diff&rev=539263&r1=539262&r2=539263
==============================================================================
--- 
tomcat/connectors/branches/other/JK_1_2_23/jk/native/common/portable.h.sample 
(original)
+++ 
tomcat/connectors/branches/other/JK_1_2_23/jk/native/common/portable.h.sample 
Thu May 17 22:42:49 2007
@@ -93,4 +93,4 @@
 #define USE_SO_SNDTIMEO 1
 
 /* Version number of package */
-#define VERSION "1.2.22"
+#define VERSION "1.2.23"

Modified: tomcat/connectors/branches/other/JK_1_2_23/jk/native/configure.in
URL: 
http://svn.apache.org/viewvc/tomcat/connectors/branches/other/JK_1_2_23/jk/native/configure.in?view=diff&rev=539263&r1=539262&r2=539263
==============================================================================
--- tomcat/connectors/branches/other/JK_1_2_23/jk/native/configure.in (original)
+++ tomcat/connectors/branches/other/JK_1_2_23/jk/native/configure.in Thu May 
17 22:42:49 2007
@@ -11,7 +11,7 @@
 
 dnl package and version. (synchronization with common/jk_version.h ?)
 PACKAGE=mod_jk
-VERSION=1.2.22
+VERSION=1.2.23
 
 AM_INIT_AUTOMAKE(${PACKAGE}, ${VERSION})
 

Modified: tomcat/connectors/branches/other/JK_1_2_23/jk/xdocs/index.xml
URL: 
http://svn.apache.org/viewvc/tomcat/connectors/branches/other/JK_1_2_23/jk/xdocs/index.xml?view=diff&rev=539263&r1=539262&r2=539263
==============================================================================
--- tomcat/connectors/branches/other/JK_1_2_23/jk/xdocs/index.xml (original)
+++ tomcat/connectors/branches/other/JK_1_2_23/jk/xdocs/index.xml Thu May 17 
22:42:49 2007
@@ -29,6 +29,40 @@
 <section name="Headlines">
 <br />
 <ul>
+<li><a href="news/20070301.html#20070518.1">18 May 2007 - <b>JK-1.2.23 
released</b></a>
+<p>The Apache Tomcat team is proud to announce the immediate availability
+of Tomcat Connectors 1.2.23 Stable.
+</p>
+<p>This version addresses the security flaw:
+<br />
+<a 
href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1860";><b>CVE-2007-1860</b></a>
+A double encoded ".." in a URL can be used to access URLs on the AJP backend,
+for which no mod_jk forwarding rule exists (patch for CVE-2007-0450 was 
insufficient).
+</p><p>
+This version fixes the problem by using ForwardURICompatUnparsed
+as the default for the forwarding JkOption.
+You can similarly fix the problem for all previous versions of mod_jk by 
setting
+"JkOption ForwardURICompatUnparsed".
+If you upgrade to version 1.2.23 please ensure, that you do not have
+a different forwarding option in your existing configuration.
+We highly recommend, that you are consulting the
+<a href="reference/apache.html#Forwarding">forwarding documentation</a>,
+especially concerning the implications for interaction with mod_rewrite.
+</p><p>
+Please note that this issue only affects configurations,
+which use a prefix forwarding rule like "/myapp/*" or "/myapp/*.jsp"
+to restrict access to the context "/myapp". The issue will allow 
+malicious URLs to reach "/otherapp" or "/otherapp/*.jsp" as well.
+</p><p>
+The Tomcat Project thanks Kazu Nambo for his responsible reporting of this 
+vulnerability.
+</p>
+<p>Download the <a 
href="http://www.apache.org/dist/tomcat/tomcat-connectors/jk/source/jk-1.2.23/tomcat-connectors-1.2.23-src.tar.gz";>JK
 1.2.23 release sources</a>
+ | <a 
href="http://www.apache.org/dist/tomcat/tomcat-connectors/jk/source/jk-1.2.23/tomcat-connectors-1.2.23-src.tar.gz.asc";>PGP
 signature</a>
+</p>
+<p>Download the <a 
href="http://www.apache.org/dist/tomcat/tomcat-connectors/jk/binaries/";>binaries</a>
 for selected platforms.
+</p>
+</li>
 <li><a href="news/20070301.html#20070417.1">17 April 2007 - <b>JK-1.2.22 
released</b></a>
 <p>The Apache Tomcat team is proud to announce the immediate availability
 of Tomcat Connectors 1.2.22 Stable.

Modified: tomcat/connectors/branches/other/JK_1_2_23/jk/xdocs/news/20070301.xml
URL: 
http://svn.apache.org/viewvc/tomcat/connectors/branches/other/JK_1_2_23/jk/xdocs/news/20070301.xml?view=diff&rev=539263&r1=539262&r2=539263
==============================================================================
--- tomcat/connectors/branches/other/JK_1_2_23/jk/xdocs/news/20070301.xml 
(original)
+++ tomcat/connectors/branches/other/JK_1_2_23/jk/xdocs/news/20070301.xml Thu 
May 17 22:42:49 2007
@@ -15,14 +15,14 @@
 
 <section name="2007 News &amp; Status">
 <br />
-<a name="20070301.1"> 
-<h3>1 March - JK-1.2.21 released</h3>
+<a name="20070518.1"> 
+<h3>18 May - JK-1.2.23 released</h3>
 </a>
 <p>The Apache Tomcat team is proud to announce the immediate availability
-of Tomcat Connectors 1.2.21. This is a stable release adding new features
-and a few bug fixes to version 1.2.20.
+of Tomcat Connectors 1.2.23. This is a stable release adding new features
+and a few bug fixes to version 1.2.23.
 </p><p>
-It fixes a <a href="../security-jk.html">Critical vulnerability</a> introduced 
in version 1.2.19
+It fixes an <a href="http://tomcat.apache.org/security-jk.html";>Important 
vulnerability</a>.
 </p><p>
  Please see the <a href="../miscellaneous/changelog.html">ChangeLog</a> for a 
full list of changes.
 </p>
@@ -37,6 +37,22 @@
 <p>The Apache Tomcat team is proud to announce the immediate availability
 of Tomcat Connectors 1.2.22. This is a stable release adding new features
 and a few bug fixes to version 1.2.22.
+</p><p>
+ Please see the <a href="../miscellaneous/changelog.html">ChangeLog</a> for a 
full list of changes.
+</p>
+<p>If you find any bugs while using this release, please fill in the
+<a 
href="http://issues.apache.org/bugzilla/enter_bug.cgi?product=Tomcat%205";>Bugzilla</a>
+Bug Report. When entering bug select <b>Native:JK</b> Component.
+</p>
+<hr size="1" noshade="noshade" />
+<a name="20070301.1"> 
+<h3>1 March - JK-1.2.21 released</h3>
+</a>
+<p>The Apache Tomcat team is proud to announce the immediate availability
+of Tomcat Connectors 1.2.21. This is a stable release adding new features
+and a few bug fixes to version 1.2.20.
+</p><p>
+It fixes a <a href="http://tomcat.apache.org/security-jk.html";>Critical 
vulnerability</a> introduced in version 1.2.19
 </p><p>
  Please see the <a href="../miscellaneous/changelog.html">ChangeLog</a> for a 
full list of changes.
 </p>



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r539263 - in /tomcat/connectors/branches/other/JK_1_2_23/jk: native/STATUS.txt native/common/jk_version.h native/common/portable.h.sample native/configure.in xdocs/index.xml xdocs/news/20070301.xml

Reply via email to