Please let me repeat my question from June 6th: Why is this CVE still not addressed in "Apache Tomcat JK Connectors vulnerabilities" http://tomcat.apache.org/security-jk.html?
http://www.cvedetails.com/cve/CVE-2014-8111/ --------------------------------- Hi, could you please tell us, when the fixed mod_jk-Version 1.2.41 will be publicly available? The webpage does not mention any vulnerability at all, plus no newer release than the vulnerable 1.2.40. For now RedHat mentions only the fix to the source code from December 2014. http://svn.apache.org/viewvc?view=revision&revision=1647017 Best regards. Peter
