108 posts categorized "info"


CryptoNark v0.4.6 Released

I'm releasing an update to CryptoNark today, which is a maintenance release that fixes a few bugs that have been sitting out there for a little while now.  No new SSL/TLS testing functionality is in this release.  The three changes in this release are:

  1. Modified cryptonark to utilize a port number in all $url variable assignments.  This was an easy way for me to allow cryptonark to perform the extended http scanning when those http hosts were not using well-known port numbers.  This functionality may also change in the future as I retool things to accomodate SSL listeners that run on ports other than 443.
  2. Sometime in an earlier v0.4.x release, non-ssl host tests were still getting ssl tests sent to it.  This release fixes that issue.
  3. The get_server_type function has been fixed as well so it now properly sets the global variable that was supposed to be assigned the value of the HTTP Server header.  My "discovery" that the HTTP PROPFIND method test was broken in the previous release drove this fix.

The Downloads page on this site has been updated with the new version.  Because the script is now over 600 lines long, I do not post the source in release posts any longer.


Apache Tomcat 7.0.19 Released

A few days ago, the apache tomcat team announced that Tomcat 7 through version 7.0.18, Tomcat 6 through version 6.0.32, and Tomcat 5.5 through version 5.5.33 contained some information disclosure and availability-related vulnerabilities.  Today, the Apache Tomcat team released version 7.0.19, which addresses these vulnerabilities within Tomcat 7.  Presumably, updates for Tomcat 5.5 and Tomcat 6 will be forthcoming as well.

There are some new features in this release as well:

  1. JSP recompilation now occurs whenever the last-modified date changes, regardless of whether the date is earlier or later
  2. An alternative connection pooling option, jdbc-pool, is included
  3. The Windows installer can now be used to install multiple instances.

The Tomcat 7 changelog lists all the fixes, features, and changes that have been incorporated into this version.  version 7.0.17 and 7.0.18 were never formally released so tomcat 7.0.19 incorporates changes from those versions as well.  

Downloads are available at the tomcat mirror sites.


JBoss Application Server 7 Released

I saw the announcement over on Rich Sharples' blog that JBoss Application Server 7 is out.  The blog post covers some of the interesting new features and changes.  I also received an email from Redhat with 7 reasons to love about the new release:

  1. Blazing fast start-up time - up to 10X faster!
  2. Java EE 6 - leading the pack. again.
  3. Very lightweight - exceptionally small footprint and aggressive memory management mean you can run it practically everywhere.
  4. Modular core - delivers true application isolation.
  5. Elegant management - simplified console and APIs.
  6. Domain management - manage servers as groups.
  7. Testable by design - simplified in-container testing via the Arquillian project speeds development. 

The JBoss community site has binaries available so we can all start playing right away.  Congratulations to the JBoss App Server team on this new release!  The countdown to JBoss EAP6 has now started.