Blogging Techstacks

If there is a better way to celebrate Valentine's Day than sitting at your desk watching a live, streaming webinar about F5 BigIP iRule development tips and tricks, I challenge you to place them in the comments below!

The event runs for 90 minutes starting at 10AM Pacific/1PM Eastern on February 14, 2012. 

If you want to fall in love with Tcl (a Top 50 programming language!) all over again, register for F5's iRule Love live stream. According to the invite, early registrants who attend the event are also eligible to win some DevCentral swag, so you may be able to tell your cats, "We got lucky on Valentine's Day! Thanks DevCentral!!"

The Apache HTTP Server project released version 2.2.22 and it's an important release, addressing 6 "significant" security vulnerabilities:

1. CVE-2011-3368 (cve.mitre.org)  -  Reject requests where the request-URI does not match the HTTP specification, preventing unexpected expansion of target URLs in some reverse proxy configurations.
2. CVE-2011-3607 (cve.mitre.org)  -  Fix integer overflow in ap_pregsub() which, when the mod_setenvif module is enabled, could allow local users to gain privileges via a .htaccess file.
3. CVE-2011-4317 (cve.mitre.org)  -  Resolve additional cases of URL rewriting with ProxyPassMatch or RewriteRule, where particular request-URIs could result in undesired backend network exposure in some configurations.
4. CVE-2012-0021 (cve.mitre.org)  -  mod_log_config: Fix segfault (crash) when the '%{cookiename}C' log format string is in use and a client sends a nameless, valueless cookie, causing a denial of service. The issue existed since version 2.2.17.
5. CVE-2012-0031 (cve.mitre.org)  -  Fix scoreboard issue which could allow an unprivileged child process could cause the parent to crash at shutdown rather than terminate cleanly.
6. CVE-2012-0053 (cve.mitre.org)  -  Fixed an issue in error responses that could expose "httpOnly" cookies when no custom ErrorDocument is specified for status code 400.

There are also some bugs fixed in this release as well—see the changelog for the full list and, like always, you can download a copy from a mirror near you.

The Apache Tomcat team announced the release of Tomcat 7.0.25. There are quite a few new features and bug fixes in this release, including alignment of the Servlet 3.0 specification with the revision A maintenance release, updates to the Eclipse JDT compiler, Commons Pool, and Commons Daemon, and more. See the changelog for more information and download it from a mirror near you.