Re: Apache Tomcat 6.0.34

2011-11-16 Thread Konstantin Kolinko
2011/11/16 Konstantin Kolinko : > 2011/11/16 Angus Yiu : >> >> >> Hello, >> >> We hit Authentication bypass and information disclosure CVE-2011-3190   >> in tomcat >> 6.0.32 >> May i know when Tomcat 6.0.34 will be release? >> > > Tag a

Re: Apache Tomcat 6.0.34

2011-11-15 Thread Konstantin Kolinko
2011/11/16 Angus Yiu : > > > Hello, > > We hit Authentication bypass and information disclosure CVE-2011-3190   > in tomcat 6.0.32 > May i know when Tomcat 6.0.34 will be release? > Tag and release candidates are already done and vote i

Apache Tomcat 6.0.34

2011-11-15 Thread Angus Yiu
Hello, We hit Authentication bypass and information disclosure CVE-2011-3190 in tomcat 6.0.32 May i know when Tomcat 6.0.34 will be release? Regards, Angus This message may contain confidential or

Re: Availability of Apache Tomcat 6.0.34?

2011-09-21 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Shanti, On 9/21/2011 1:39 AM, Yajnik, Shanti wrote: > Thanks Chris. Do you know when 6.0.34 version of Tomcat will be > available for download? Note that there is a simple workaround with affected versions: use mod_jk's "secret" setting on all your w

Re: Availability of Apache Tomcat 6.0.34?

2011-09-21 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Shanti, On 9/21/2011 1:39 AM, Yajnik, Shanti wrote: > Thanks Chris. Do you know when 6.0.34 version of Tomcat will be > available for download? Nope. It will ship whenever the devs decide it's time for another release. - -chris -BEGIN PGP SIGNAT

RE: Availability of Apache Tomcat 6.0.34?

2011-09-20 Thread Yajnik, Shanti
List Subject: Re: Availability of Apache Tomcat 6.0.34? -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Shanti, On 9/15/2011 4:21 AM, Yajnik, Shanti wrote: > Does anyone know when the fix for the specific vulnerability: > CVE-2011-3190 will be available for the 6.0.33 version of Apache &g

Re: Availability of Apache Tomcat 6.0.34?

2011-09-16 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Shanti, On 9/15/2011 4:21 AM, Yajnik, Shanti wrote: > Does anyone know when the fix for the specific vulnerability: > CVE-2011-3190 will be available for the 6.0.33 version of Apache > Tomcat? The Tomcat team does not release binary patches, so the

Availability of Apache Tomcat 6.0.34?

2011-09-15 Thread Yajnik, Shanti
Hi, Does anyone know when the fix for the specific vulnerability: CVE-2011-3190 will be available for the 6.0.33 version of Apache Tomcat? Best Regards, Shanti