/[pkg-java]/trunk/tomcat/debian/changelog

Diff of /trunk/tomcat/debian/changelog


revision 113 by sgybas, Thu Oct 24 13:54:40 2002 UTC revision 114 by sgybas, Mon Jan 27 12:23:49 2003 UTC
# Line 1  Line 1 
1    tomcat (3.3.1a-1) unstable; urgency=high
2    
3      * New upstream release which fixes two security vulnerabilities:
4        + when used with JDK 1.3.1 or earlier, a maliciously crafted request
5          could return a directory listing even when an index.html, index.jsp,
6          or other welcome file is present. File contents can be returned as well.
7        + a malicious web application could read the contents of some files
8          outside the web application via its web.xml file in spite of the
9          presence of a security manager
10      * Disable the examples webapp since it contains cross site scripting
11        vulnerability: examples.war is now installed in
12        /usr/share/doc/tomcat/examples
13      * Standards-Version: 3.5.8 (no changes required)
14      * Build with the latest Apache version
15      * Updates README.Debian
16    
17     -- Stefan Gybas <sgybas@debian.org>  Mon, 27 Jan 2003 10:50:13 +0100
18    
19  tomcat (3.3a-5) unstable; urgency=low  tomcat (3.3a-5) unstable; urgency=low
20    
21    * Build with latest Ant, JDK and Apache versions (closes: #156608)    * Build with latest Ant, JDK and Apache versions (closes: #156608)
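Review bot: The two security fixes in the new 3.3.1a-1 entry (changelog lines 3-9) are described only in prose, with no advisory identifier or bug reference, which makes it hard to match this urgency=high upload against a security tracker; add the upstream advisory identifiers for both issues if they exist. The examples webapp item (lines 10-12) says where examples.war is now installed but not whether a copy already deployed by 3.3a-5 is removed on upgrade, which matters because the stated reason is a cross-site scripting vulnerability; say so in the entry. Minor: "Updates README.Debian" should read "Update README.Debian" to match the tense of the other items.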
# Line 5  tomcat (3.3a-5) unstable; urgency=low Line 23  tomcat (3.3a-5) unstable; urgency=low
23      libapache2-mod-webapp      libapache2-mod-webapp
24    * Use jikes to compile the Java classes, disable SunJavaCompiler so    * Use jikes to compile the Java classes, disable SunJavaCompiler so
25      we don't need the JDK utility classes to build this package. This      we don't need the JDK utility classes to build this package. This
26      also means that Sun's Java compiler can'tbe using for compiling      also means that Sun's Java compiler can't be using for compiling
27      JSPs any longer. This is the first step for Tomcat's migration from      JSPs any longer. This is the first step for Tomcat's migration from
28      contrib to main.      contrib to main.
29    * Build using Xalan-J 2 instead of the deprecated Xalan-J 1    * Build using Xalan-J 2 instead of the deprecated Xalan-J 1
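Review bot: The corrected line 26 still reads "can't be using for compiling"; since the line is already being touched to fix "can'tbe", change it to "can't be used for compiling" in the same revision.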
