> -----Original Message-----
> From: Remy Maucherat [mailto:[EMAIL PROTECTED]]
> Sent: Monday, September 23, 2002 10:05 AM
> To: Tomcat Developers List
> Subject: [VOTE] [4.0.5] [4.1.12] Security releases
>
>
> A security vulnerability which affects all releases of Tomcat 4.x has
> been discovered.
>
> It is proposed that new Tomcat 4.0.x and 4.1.x releases are made, at
> which time the exploit will be publicized. The security advisory will
> also include an easy workaround to protect existing Tomcat
> installations, so upgrading is not a necessity.
>
> Tomcat 4.0.5 release
> --------------------
>
> Tomcat 4.0.5 is virtually indentical to 4.0.4, with the exception of:
> - a bugfix to URL parsing
> - the security fix
>
> <ballot>
> +1 [X] Yes, I approve this release
> -1 [ ] No, because:
>
> </ballot>
>
> Tomcat 4.1.12 Stable release
> ----------------------------
>
> Tomcat 4.1.12 includes all the changes made to Tomcat 4.1.10
> since its
> release. Tomcat 4.1.11, on which the release is based, has recieved
> positive feedback so far. The list of changes is available in the
> release notes.
> It is proposed that it recieves a Stable rating. The existing 4.1.10
> release will be retired.
>
> <ballot>
> +1 [X] Yes, I approve this release
> -1 [ ] No, because:
>
> </ballot>
>
> The proposed binaries for 4.0.5 and 4.1.12 are available at:
> http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.5/
> http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.1.12/
>
> 4.0.5 was packaged on my new computer (which I have been
> using for all
> the 4.1.x releases), and may contain unwanted changes over
> 4.0.4. Please
> let me know if there are problems.
>
> Remy
>
>
> --
> To unsubscribe, e-mail:
> <mailto:tomcat-dev-> [EMAIL PROTECTED]>
> For
> additional commands,
> e-mail: <mailto:[EMAIL PROTECTED]>
>
>
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
