Author: markt
Date: Thu Sep 25 04:38:10 2008
New Revision: 698929
URL: http://svn.apache.org/viewvc?rev=698929&view=rev
Log:
Update release notes ready for 4.1.38
Modified:
tomcat/container/branches/tc4.1.x/RELEASE-NOTES-4.1.txt
Modified: tomcat/container/branches/tc4.1.x/RELEASE-NOTES-4.1.txt
URL:
http://svn.apache.org/viewvc/tomcat/container/branches/tc4.1.x/RELEASE-NOTES-4.1.txt?rev=698929&r1=698928&r2=698929&view=diff
==============================================================================
--- tomcat/container/branches/tc4.1.x/RELEASE-NOTES-4.1.txt (original)
+++ tomcat/container/branches/tc4.1.x/RELEASE-NOTES-4.1.txt Thu Sep 25 04:38:10
2008
@@ -1736,6 +1736,10 @@
[4.1.38] #44562
HEAD requests failed with rd.include(). Patch provided by David
Jencks.
+[4.1.38] Request Dispatcher
+ Extract the query string befire the URI is normalised.
+ This is CVE-2008-2370
+
----------------
Coyote Bug Fixes:
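Review bot: The added Request Dispatcher entry has a typo: "befire" should be "before", so the line reads "Extract the query string before the URI is normalised." The entry also identifies the fix only as "This is CVE-2008-2370". A short phrase saying what goes wrong when the query string is extracted after normalisation would let readers of the release notes judge the impact without looking up the CVE.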
@@ -2005,10 +2009,15 @@
[4.1.38] CoyoteConnector
Add additional checks for URI normalization.
+ This is CVE-2008-2938
[4.1.38] CoyoteConnector
Remove JDK 1.4 dependency.
+[4.1.38] CoyoteConnector
+ Don't used custom status messages in HTTP headers.
+ This is CVE-2008-1232
+
----------------
Jasper Bug Fixes:
----------------
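Review bot: In the last added CoyoteConnector entry, "Don't used custom status messages in HTTP headers." should read "Don't use custom status messages in HTTP headers." The two added CVE lines ("This is CVE-2008-2938" and "This is CVE-2008-1232") give only the identifier, so consider adding a few words on the security effect of each fix. Spelling is also inconsistent across the file: this hunk's context line uses "normalization" while the Request Dispatcher entry added earlier uses "normalised".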