svn commit: r808462 - in /tomcat/site/trunk: docs/security-5.html xdocs/security-5.xml
Author: markt Date: Thu Aug 27 15:37:21 2009 New Revision: 808462 URL: http://svn.apache.org/viewvc?rev=808462&view=rev Log: Update for 5.5.28 Modified: tomcat/site/trunk/docs/security-5.html tomcat/site/trunk/xdocs/security-5.xml Modified: tomcat/site/trunk/docs/security-5.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-5.html?rev=808462&r1=808461&r2=808462&view=diff == --- tomcat/site/trunk/docs/security-5.html (original) +++ tomcat/site/trunk/docs/security-5.html Thu Aug 27 15:37:21 2009 @@ -3,18 +3,18 @@ Apache Tomcat - Apache Tomcat 5.x vulnerabilities - - - + + + - - + + http://tomcat.apache.org/";> - + @@ -25,28 +25,28 @@ http://www.apache.org/";> -http://www.apache.org/images/asf-logo.gif"; /> +http://www.apache.org/images/asf-logo.gif"; align="right" alt="Apache Logo" border="0"/> -http://www.google.com/search";> - - - +http://www.google.com/search"; method="get"> + + + - + - + - + Apache Tomcat @@ -175,11 +175,11 @@ - - + + - + Apache Tomcat 5.x vulnerabilities @@ -213,16 +213,16 @@ - + - + - - -Fixed in Apache Tomcat 5.5.SVN + + +Fixed in Apache Tomcat 5.5.28 @@ -335,14 +335,14 @@ - + - + - + Fixed in Apache Tomcat 5.5.27 @@ -415,14 +415,14 @@ - + - + - + Fixed in Apache Tomcat 5.5.26 @@ -490,14 +490,14 @@ - + - + - + Fixed in Apache Tomcat 5.5.25, 5.0.SVN @@ -579,14 +579,14 @@ - + - + - + Fixed in Apache Tomcat 5.5.24, 5.0.SVN @@ -616,14 +616,14 @@ - + - + - + Fixed in Apache Tomcat 5.5.23, 5.0.SVN @@ -658,14 +658,14 @@ - + - + - + Fixed in Apache Tomcat 5.5.22, 5.0.SVN @@ -719,14 +719,14 @@ - + - + - + Fixed in Apache Tomcat 5.5.21, 5.0.SVN @@ -759,14 +759,14 @@ - + - + - + Fixed in Apache Tomcat 5.5.21 @@ -811,14 +811,14 @@ - + - + - + Fixed in Apache Tomcat 5.5.18, 5.0.SVN @@ -846,14 +846,14 @@ - + - + - + Fixed in Apache Tomcat 5.5.17, 5.0.SVN @@ -881,14 +881,14 @@ - + - + - + Fixed in Apache Tomcat 5.5.16, 5.0.SVN @@ -916,14 +916,14 @@ - + - + - + Fixed in Apache Tomcat 5.5.13, 5.0.SVN 
@@ -971,14 +971,14 @@ - + - + - + Fixed in Apache Tomcat 5.5.7, 5.0.SVN @@ -1006,14 +1006,14 @@ - + - + - + Fixed in Apache Tomcat 5.5.1 @@ -1045,14 +1045,14 @@ - + - + - + Not a vulnerability in Tomcat @@ -1118,7 +1118,7 @@ - + @@ -1127,17 +1127,17 @@ - + - + Copyright © 1999-2009, The Apache Software Foundation - + "Apache", the Apache feather, and the Apache Tomcat logo are trademarks of the Apache Software Foundation for our open source software. Modified: tomcat/site/trunk/xdocs/security-5.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-5.xml?rev=808462&r1=808461&r2=808462&view=diff == --- tomcat/site/trunk/xdocs/security-5.xml (original) +++ tomcat/site/trunk/xdocs/security-5.xml Thu Aug 27 15:37:21 2009 @@ -28,7 +28,7 @@ - + Important: Information Disclosure http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5515";> CVE-2008-5515 - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r808465 - in /tomcat/site/trunk: docs/security-3.html docs/security-4.html xdocs/security-3.xml xdocs/security-4.xml
Author: markt Date: Thu Aug 27 15:40:42 2009 New Revision: 808465 URL: http://svn.apache.org/viewvc?rev=808465&view=rev Log: There will be no more security updates for 3.x and 4.x Modified: tomcat/site/trunk/docs/security-3.html tomcat/site/trunk/docs/security-4.html tomcat/site/trunk/xdocs/security-3.xml tomcat/site/trunk/xdocs/security-4.xml Modified: tomcat/site/trunk/docs/security-3.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-3.html?rev=808465&r1=808464&r2=808465&view=diff == --- tomcat/site/trunk/docs/security-3.html (original) +++ tomcat/site/trunk/docs/security-3.html Thu Aug 27 15:40:42 2009 @@ -3,18 +3,18 @@ Apache Tomcat - Apache Tomcat 3.x vulnerabilities - - - + + + - - + + http://tomcat.apache.org/";> - + @@ -25,28 +25,28 @@ http://www.apache.org/";> -http://www.apache.org/images/asf-logo.gif"; /> +http://www.apache.org/images/asf-logo.gif"; align="right" alt="Apache Logo" border="0"/> -http://www.google.com/search";> - - - +http://www.google.com/search"; method="get"> + + + - + - + - + Apache Tomcat @@ -175,11 +175,11 @@ - - + + - + Apache Tomcat 3.x vulnerabilities @@ -201,20 +201,24 @@ Please send comments or corrections for these vulnerabilities to the mailto:secur...@tomcat.apache.org";>Tomcat Security Team. +Please note that Tomcat 3 is no longer supported. Further vulnerabilities + in the 3.x branches will not be fixed. Users should upgrade to 5.5.x or + 6.x to obtain security fixes. + - + - + - + Not fixed in Apache Tomcat 3.x @@ -282,14 +286,14 @@ - + - + - + Fixed in Apache Tomcat 3.3.2 @@ -318,14 +322,14 @@ - + - + - + Fixed in Apache Tomcat 3.3.1a @@ -365,14 +369,14 @@ - + - + - + Fixed in Apache Tomcat 3.3.1 @@ -401,14 +405,14 @@ - + - + - + Fixed in Apache Tomcat 3.3a @@ -450,14 +454,14 @@ - + - + - + Fixed in Apache Tomcat 3.2.4 
@@ -472,7 +476,7 @@ moderate: Information disclosure http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1563";> CVE-2001-1563 - + No specifics are provided in the vulnerability report. This may be a @@ -485,14 +489,14 @@ - + - + - + Fixed in Apache Tomcat 3.2.2 @@ -518,7 +522,7 @@ moderate: Information disclosure http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0590";> CVE-2001-0590 - + A specially crafted URL can be used to obtain the source for JSPs. @@ -530,14 +534,14 @@ - + - + - + Fixed in Apache Tomcat 3.2 @@ -552,7 +556,7 @@ low: Information disclosure http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0759";> CVE-2000-0759 - + Requesting a JSP that does not exist results in an error page that @@ -564,7 +568,7 @@ important: Information disclosure http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0672";> CVE-2000-0672 - + Access to the admin context is not protected. This context allows an @@ -579,14 +583,14 @@ - + - + - + Fixed in Apache Tomcat 3.1 @@ -601,7 +605,7 @@ important: Information disclosure http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1210";> CVE-2000-1210 - + source.jsp, provided as part of the examples, allows an attacker to read @@ -614,7 +618,7 @@ - + @@ -623,17 +627,17 @@ - + - + Copyright © 1999-2009, The Apache Software Foundation - + "Apache", the Apache feather, and the Apache Tomcat logo are trademarks of the Apache Software Foundation for our open source software. Modified: tomcat/site/trunk/docs/security-4.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-4.html?rev=808465&r1=808464&r2=808465&view=diff == --- tomcat/site/trunk/docs/security-4.html (original) +++ tomcat/site/trunk/docs/security-4.html Thu Aug 27 15:40:42 2009 @@ -3,18 +3,18 @@ Apache Tomcat - Apache Tomcat 4.x vulnerabilities - - - + + + - - + + http://tomcat.apache.org/";> - + 
@@ -25,28 +25,28 @@ http://www.apache.org/";> -http://www.apache.org/images/asf-logo.gif"; /> +http://www.apache.org/images/asf-logo.gif"; align="right" alt="Apache Logo" border="0"/> -http://www.google.com/search";> - - - +http://www.google.com/search"; method="get"> + + + - + - + - + Apache Tomcat @@ -175,11 +175,11 @@ - - + + - + Apache Tomcat 4.x vulnerabilities @@ -201,9 +201,9 @@ Please send comments or corrections for these vulnerabilities to the mailto:secur...@tomcat.apache.org";>Tomcat Security Team. -Please note that Tomcat
DO NOT REPLY [Bug 47750] New: Loss of worker settings when changing via jkstatus
https://issues.apache.org/bugzilla/show_bug.cgi?id=47750 Summary: Loss of worker settings when changing via jkstatus Product: Tomcat Connectors Version: 1.2.28 Platform: PC OS/Version: Windows Server 2003 Status: NEW Severity: major Priority: P2 Component: Common AssignedTo: dev@tomcat.apache.org ReportedBy: robert.ma...@capita.co.uk --- Comment #0 from robert.ma...@capita.co.uk 2009-08-27 10:19:06 PDT --- Running a load-balanced worker with two nodes - configuration is fine, as the ISAPI filter starts up and works correctly. A change is made to a worker node using the jkstatus page (for example, stopping node2, then starting it again). This works fine, as the worker stops correctly, then becomes available again and works fine. After an amount of time, the mod_jk log shows the ISAPI filter starting again - presumably this is IIS restarting something, although it doesn't behave the same as an app pool recycle, so I am not sure what it is or what is triggering it. When this happens, the log shows the shared memory being reset for the workers, and what appears to be the shm being updated with the previous values from the load-balancer worker's memory, although the sequence number from memory doesn't match the value that was previously reached from performing the updates via jkstatus: jk_lb_worker.c (347): syncing shm for lb 'node-lb' from mem (0->1) The log then shows shared memory for the load-balancer being synced again under worker maintenance - the sequence numbers do not match, with the value of p->sequence being the value previously reached from making the jkstatus changes, while the shm sequence is still 1 as a result of the previous sync. So the log shows: jk_lb_worker.c (292): syncing mem for lb 'node-lb' from shm (3->1) The log then shows that, as a result of this lb sync, the "changed" workers are then sync'd from the shm. 
However, as the data structure of the shm has been reset by the "restart" of the ISAPI filter, the values for that worker are set to zero. As this includes the max_packet_size, any request to this worker will be larger than the max packet size of zero and so causes an "error 413 request entity too large" to be displayed. The zero'd records display as such for the worker in jkstatus - manually updating these entries to the correct values allows that worker to function again. I have made a small amendment on my system so that any calls to jk_lb_pull will only occur if the mem sequence is less than the shm sequence (rather than just "not equal"), i.e. changed: if (p->sequence != p->s->h.sequence) jk_lb_pull(p, JK_TRUE, l); to: if (p->sequence < p->s->h.sequence) jk_lb_pull(p, JK_TRUE, l); for all instances where jk_lb_pull is called as a result of this conditional. It seems to have resolved this particular issue and the settings persist correctly, but I am not sure whether it is actually a correct solution! -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 47750] Loss of worker settings when changing via jkstatus
https://issues.apache.org/bugzilla/show_bug.cgi?id=47750 robert.ma...@capita.co.uk changed: What|Removed |Added CC||robert.ma...@capita.co.uk -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 47756] New: Unable to read TLD "META-INF/taglib.tld"
https://issues.apache.org/bugzilla/show_bug.cgi?id=47756 Summary: Unable to read TLD "META-INF/taglib.tld" Product: Tomcat 6 Version: 6.0.20 Platform: PC OS/Version: Windows XP Status: NEW Severity: normal Priority: P2 Component: Jasper AssignedTo: dev@tomcat.apache.org ReportedBy: cn.myth.s...@gmail.com --- Comment #0 from castalia 2009-08-27 23:10:22 PDT --- I got an error when using Tomcat; the details are below. I looked over the Jasper source and found [location[1] = "META-INF/taglib.tld";] in org.apache.jasper.compiler.TagLibraryInfoImpl.java and TagPluginManager.java. I want to know how to solve it and why it happens. Thanks. ---web.xml /struts-tags /WEB-INF/lib/struts2-core-2.1.6.jar -- struts-tag.tld is in the struts2-core-2.1.6.jar. - Servlet.service() for servlet jsp threw exception org.apache.jasper.JasperException: Unable to read TLD "META-INF/taglib.tld" from JAR file "file:/E:/workspace/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/wtpwebapps/AccountMgr/WEB-INF/lib/struts2-core-2.1.6.jar": java.lang.NullPointerException at org.apache.jasper.compiler.DefaultErrorHandler.jspError(DefaultErrorHandler.java:51) at org.apache.jasper.compiler.ErrorDispatcher.dispatch(ErrorDispatcher.java:409) at org.apache.jasper.compiler.ErrorDispatcher.jspError(ErrorDispatcher.java:181) at org.apache.jasper.compiler.TagLibraryInfoImpl.<init>(TagLibraryInfoImpl.java:182) at org.apache.jasper.compiler.Parser.parseTaglibDirective(Parser.java:429) at org.apache.jasper.compiler.Parser.parseDirective(Parser.java:492) at org.apache.jasper.compiler.Parser.parseElements(Parser.java:1439) at org.apache.jasper.compiler.Parser.parse(Parser.java:137) at org.apache.jasper.compiler.ParserController.doParse(ParserController.java:255) at org.apache.jasper.compiler.ParserController.parse(ParserController.java:103) at org.apache.jasper.compiler.Compiler.generateJava(Compiler.java:170) at org.apache.jasper.compiler.Compiler.compile(Compiler.java:332) at 
org.apache.jasper.compiler.Compiler.compile(Compiler.java:312) at org.apache.jasper.compiler.Compiler.compile(Compiler.java:299) at org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:586) at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:317) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:342) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:267) at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.struts2.dispatcher.FilterDispatcher.doFilter(FilterDispatcher.java:389) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:849) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:454) at java.lang.Thread.run(Thread.java:620) -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. 