Author: kkolinko
Date: Fri Oct 14 11:01:30 2011
New Revision: 1183296
URL: http://svn.apache.org/viewvc?rev=1183296&view=rev
Log:
Amend security pages for Tomcat 5.5 and 7.0. Add links to build instructions.
Modified: tomcat/site/trunk/docs/security-5.html tomcat/site/trunk/docs/security-7.html tomcat/site/trunk/xdocs/security-5.xml tomcat/site/trunk/xdocs/security-7.xml Modified: tomcat/site/trunk/docs/security-5.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-5.html?rev=1183296&r1=1183295&r2=1183296&view=diff ============================================================================== --- tomcat/site/trunk/docs/security-5.html (original) +++ tomcat/site/trunk/docs/security-5.html Fri Oct 14 11:01:30 2011 
@@ -279,27 +279,49 @@ <p>This page lists all security vulnerabilities fixed in released versions of Apache Tomcat 5.x. Each vulnerability is given a <a href="security-impact.html">security impact rating</a> by the Apache - Tomcat security team - please note that this rating may vary from + Tomcat security team — please note that this rating may vary from platform to platform. We also list the versions of Apache Tomcat the flaw is known to affect, and where a flaw has not been verified list the version with a question mark.</p> -<p>Please send comments or corrections for these vulnerabilities to the - <a href="mailto:secur...@tomcat.apache.org">Tomcat Security Team</a>.</p> - - -<p>Note: Vulnerabilities that are not Tomcat vulnerabilities but have either - been incorrectly reported against Tomcat or where Tomcat provides a - workaround are listed at the end of this page.</p> +<p> +<strong>Note:</strong> Vulnerabilities that are not Tomcat vulnerabilities + but have either been incorrectly reported against Tomcat or where Tomcat + provides a workaround are listed at the end of this page.</p> <p>Please note that Tomcat 5.0.x is no longer supported. Further vulnerabilities in the 5.0.x branch will not be fixed. Users should - upgrade to 5.5.x or 6.x to obtain security fixes. Vulnerabilities fixed + upgrade to 5.5.x, 6.x or 7.x to obtain security fixes. Vulnerabilities fixed in Tomcat 5.5.26 onwards have not been assessed to determine if they are present in the 5.0.x branch.</p> + +<p>Please note, that binary patches are never provided. If you need to + apply a source code patch, use the building instructions for the + Apache Tomcat version that you are using. 
For Tomcat 5.5 those are + <a href="/tomcat-5.5-doc/building.html"><code>building.html</code></a> + in documentation (<code>webapps/tomcat-docs</code> subdirectory of + a binary distributive) and <code>BUILDING.txt</code> file in a source + distributive.</p> + + +<p>If you need help on building or configuring Tomcat or other help on + following the instructions to mitigate the known vulnerabilities listed + here, please send your questions to the public + <a href="lists.html">Tomcat Users mailing list</a> + +</p> + + +<p>If you have encountered an unlisted security vulnerability or other + unexpected behaviour that has <a href="security-impact.html">security + impact</a>, or if the descriptions here are incomplete, + please report them privately to the + <a href="security.html">Tomcat Security Team</a>. Thank you. + </p> + </blockquote> </p> Modified: tomcat/site/trunk/docs/security-7.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-7.html?rev=1183296&r1=1183295&r2=1183296&view=diff ============================================================================== --- tomcat/site/trunk/docs/security-7.html (original) +++ tomcat/site/trunk/docs/security-7.html Fri Oct 14 11:01:30 2011 
@@ -255,14 +255,44 @@ <p>This page lists all security vulnerabilities fixed in released versions of Apache Tomcat 7.x. Each vulnerability is given a <a href="security-impact.html">security impact rating</a> by the Apache - Tomcat security team - please note that this rating may vary from + Tomcat security team — please note that this rating may vary from platform to platform. We also list the versions of Apache Tomcat the flaw is known to affect, and where a flaw has not been verified list the version with a question mark.</p> -<p>Please send comments or corrections for these vulnerabilities to the - <a href="mailto:secur...@tomcat.apache.org">Tomcat Security Team</a>.</p> +<p> +<strong>Note:</strong> Vulnerabilities that are not Tomcat vulnerabilities + but have either been incorrectly reported against Tomcat or where Tomcat + provides a workaround are listed at the end of this page.</p> + + +<p>Please note, that binary patches are never provided. If you need to + apply a source code patch, use the building instructions for the + Apache Tomcat version that you are using. For Tomcat 7.0 those are + <a href="/tomcat-7.0-doc/building.html"><code>building.html</code></a> and + <a href="/tomcat-7.0-doc/BUILDING.txt"><code>BUILDING.txt</code></a>. + Both files can be found in the <code>webapps/docs</code> subdirectory + of a binary distributive. 
You may also want to review the + <a href="/tomcat-7.0-doc/security-howto.html">Security Considerations</a> + page in the documentation.</p> + + +<p>If you need help on building or configuring Tomcat or other help on + following the instructions to mitigate the known vulnerabilities listed + here, please send your questions to the public + <a href="lists.html">Tomcat Users mailing list</a> + +</p> + + +<p>If you have encountered an unlisted security vulnerability or other + unexpected behaviour that has <a href="security-impact.html">security + impact</a>, or if the descriptions here are incomplete, + please report them privately to the + <a href="security.html">Tomcat Security Team</a>. Thank you. + </p> + </blockquote> </p> Modified: tomcat/site/trunk/xdocs/security-5.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-5.xml?rev=1183296&r1=1183295&r2=1183296&view=diff ============================================================================== --- tomcat/site/trunk/xdocs/security-5.xml (original) +++ tomcat/site/trunk/xdocs/security-5.xml Fri Oct 14 11:01:30 2011 
@@ -16,24 +16,42 @@ <p>This page lists all security vulnerabilities fixed in released versions of Apache Tomcat 5.x. Each vulnerability is given a <a href="security-impact.html">security impact rating</a> by the Apache - Tomcat security team - please note that this rating may vary from + Tomcat security team — please note that this rating may vary from platform to platform. We also list the versions of Apache Tomcat the flaw is known to affect, and where a flaw has not been verified list the version with a question mark.</p> - <p>Please send comments or corrections for these vulnerabilities to the - <a href="mailto:secur...@tomcat.apache.org">Tomcat Security Team</a>.</p> - - <p>Note: Vulnerabilities that are not Tomcat vulnerabilities but have either - been incorrectly reported against Tomcat or where Tomcat provides a - workaround are listed at the end of this page.</p> + <p><strong>Note:</strong> Vulnerabilities that are not Tomcat vulnerabilities + but have either been incorrectly reported against Tomcat or where Tomcat + provides a workaround are listed at the end of this page.</p> <p>Please note that Tomcat 5.0.x is no longer supported. Further vulnerabilities in the 5.0.x branch will not be fixed. Users should - upgrade to 5.5.x or 6.x to obtain security fixes. Vulnerabilities fixed + upgrade to 5.5.x, 6.x or 7.x to obtain security fixes. Vulnerabilities fixed in Tomcat 5.5.26 onwards have not been assessed to determine if they are present in the 5.0.x branch.</p> + <p>Please note, that binary patches are never provided. If you need to + apply a source code patch, use the building instructions for the + Apache Tomcat version that you are using. 
For Tomcat 5.5 those are + <a href="/tomcat-5.5-doc/building.html"><code>building.html</code></a> + in documentation (<code>webapps/tomcat-docs</code> subdirectory of + a binary distributive) and <code>BUILDING.txt</code> file in a source + distributive.</p> + + <p>If you need help on building or configuring Tomcat or other help on + following the instructions to mitigate the known vulnerabilities listed + here, please send your questions to the public + <a href="lists.html">Tomcat Users mailing list</a> + </p> + + <p>If you have encountered an unlisted security vulnerability or other + unexpected behaviour that has <a href="security-impact.html">security + impact</a>, or if the descriptions here are incomplete, + please report them privately to the + <a href="security.html">Tomcat Security Team</a>. Thank you. + </p> + </section> <!-- Modified: tomcat/site/trunk/xdocs/security-7.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-7.xml?rev=1183296&r1=1183295&r2=1183296&view=diff ============================================================================== --- tomcat/site/trunk/xdocs/security-7.xml (original) +++ tomcat/site/trunk/xdocs/security-7.xml Fri Oct 14 11:01:30 2011 
@@ -16,13 +16,38 @@ <p>This page lists all security vulnerabilities fixed in released versions of Apache Tomcat 7.x. Each vulnerability is given a <a href="security-impact.html">security impact rating</a> by the Apache - Tomcat security team - please note that this rating may vary from + Tomcat security team — please note that this rating may vary from platform to platform. We also list the versions of Apache Tomcat the flaw is known to affect, and where a flaw has not been verified list the version with a question mark.</p> - <p>Please send comments or corrections for these vulnerabilities to the - <a href="mailto:secur...@tomcat.apache.org">Tomcat Security Team</a>.</p> + <p><strong>Note:</strong> Vulnerabilities that are not Tomcat vulnerabilities + but have either been incorrectly reported against Tomcat or where Tomcat + provides a workaround are listed at the end of this page.</p> + + <p>Please note, that binary patches are never provided. If you need to + apply a source code patch, use the building instructions for the + Apache Tomcat version that you are using. For Tomcat 7.0 those are + <a href="/tomcat-7.0-doc/building.html"><code>building.html</code></a> and + <a href="/tomcat-7.0-doc/BUILDING.txt"><code>BUILDING.txt</code></a>. + Both files can be found in the <code>webapps/docs</code> subdirectory + of a binary distributive. 
You may also want to review the + <a href="/tomcat-7.0-doc/security-howto.html">Security Considerations</a> + page in the documentation.</p> + + <p>If you need help on building or configuring Tomcat or other help on + following the instructions to mitigate the known vulnerabilities listed + here, please send your questions to the public + <a href="lists.html">Tomcat Users mailing list</a> + </p> + + <p>If you have encountered an unlisted security vulnerability or other + unexpected behaviour that has <a href="security-impact.html">security + impact</a>, or if the descriptions here are incomplete, + please report them privately to the + <a href="security.html">Tomcat Security Team</a>. Thank you. + </p> + </section> <section name="Fixed in Apache Tomcat 7.0.21" rtext="released 1 Sep 2011">
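Review bot: in the security-7.xml hunk (and the generated security-7.html) the new documentation links are root-relative (`/tomcat-7.0-doc/building.html`, `/tomcat-7.0-doc/BUILDING.txt`, `/tomcat-7.0-doc/security-howto.html`), while the other links added in the same paragraphs are relative (`lists.html`, `security.html`). The root-relative ones resolve only when the site is served from the host root, so a copy of the page under a sub-path or opened from disk loses exactly the links a reader needs in order to build a patched Tomcat; consider a form that resolves the same way as the neighbouring links. The added mailing-list sentence also ends at `</a>` with no full stop before `</p>`.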
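Review bot: in the security-5.xml hunk (and the generated security-5.html) the Tomcat 5.5 build paragraph links `building.html` but leaves `BUILDING.txt` as plain `<code>` text, whereas the 7.0 wording in this same commit links both files. If no online copy exists for 5.5, a short phrase saying the file ships only in the source distribution would make the difference look intentional. Wording in the same paragraph: "binary distributive" and "source distributive" should read "distribution", and "Please note, that" should drop the comma to match the unchanged "Please note that Tomcat 5.0.x is no longer supported" paragraph just above it.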
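Review bot: the dash replacement on the "Tomcat security team" line, repeated in all four files, puts a raw non-ASCII character into the source, and it arrives as `â€”` in this commit mail. A numeric character reference such as `&#8212;` would keep the xdocs source ASCII-only and give the same rendering in the generated HTML regardless of how the files are re-encoded along the way.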