02/07/2011

Note on Recent Tomcat Releases

The changelogs of the new Tomcat releases over the past few days may have failed to clearly indicate that these newer releases also address some security vulnerabilities, which makes upgrading to them all the more important.

Although some of these may have been fixed a point release or two earlier, the following security vulnerabilities have been addressed in the recent Tomcat 5.5.32, Tomcat 6.0.32, and Tomcat 7.0.8 releases:

CVE-2011-0013 Apache Tomcat Manager XSS vulnerability

CVE-2011-0534 Apache Tomcat DoS vulnerability

Oracle JVM bug causes denial of service in Apache Tomcat

CVE-2010-3718 Apache Tomcat Local bypass of security manager file permissions
