May 18, 2007
18 May 2007 - Apache Tomcat JK 1.2.23 Web Server Connector released
The Apache Tomcat team is pleased to announce the immediate availability of version 1.2.23 of the Apache Tomcat Connectors.
It contains connectors, which allow a web server such as Apache HTTPD, Microsoft IIS and Sun Web Server to act as a front end to the Tomcat web application server.
This version contains only one security fix:
CVE-2007-1860: Information disclosure (patch for CVE-2007-0450 was insufficient)
With the mod_jk default configuration, double encoded URLs could break JkMount access control. A complete fix might need configuration adjustments. Please consult
http://tomcat.apache.org/security-jk.html
for a more detailed description. Please note, that this issue only affected the Apache HTTPD module mod_jk.
Source distribtions can be downloaded from an Apache Software Foundation mirror at:
http://tomcat.apache.org/download-connectors.cgi
Binary distributions for a number of different operating systems and web servers can be downloaded from an Apache Software Foundation mirror at:
http://tomcat.apache.org/download-connectors.cgi
Documentation for using JK with Tomcat 3.3, 4.1, 5.0 and 5.5 can be found at:
http://tomcat.apache.org/connectors-doc/
----
---- Posted by Tetsuya Kitahata at May 18, 2007 08:58 PMhttp://www.apachenews.org/archives/000985.html
[ Category : Apache Tomcat ] (PDF)(XML)
