Sun Country's Weblog archive
Date : April 6, 2011

4 from Apache

by alan
Published on: April 6, 2011
Comments: No Comments
Categories: Apache


[SECURITY] CVE-2011-1475 Apache Tomcat information disclosure

CVE-2011-1475 Apache Tomcat information disclosure

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
- Tomcat 7.0.0 to 7.0.11
- Earlier versions are not affected

Description:
Changes introduced to the HTTP BIO connector to support Servlet 3.0
asynchronous requests did not fully account for HTTP pipelining. As a
result, when using HTTP pipelining a range of unexpected behaviours
occurred including the mixing up of responses between requests. While
the mix-up in responses was only observed between requests from the same
user, a mix-up of responses for requests from different users may also
be possible.

Mitigation:
Users of affected versions should apply one of the following mitigations:
- Upgrade to Tomcat 7.0.12 or later
- Switch to the NIO or APR/native HTTP connectors that do not exhibit
this issue

Credit:
This issue was identified by Brad Piles and reported via the public ASF
Bugzilla issue tracking system.
The Apache Tomcat security team requests that security vulnerability
reports are made privately to security@tomcat.apache.org in the first
instance.

References:

http://tomcat.apache.org/security.html

http://tomcat.apache.org/security-7.html

———————————————————————
To unsubscribe, e-mail: announce-unsubscribe@apache.org
For additional commands, e-mail: announce-help@apache.org


[SECURITY] CVE-2011-1183 Apache Tomcat security constraint bypass

CVE-2011-1183 Apache Tomcat security constraint bypass

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
- Tomcat 7.0.11
- Earlier versions are not affected

Description:
A regression in the fix for CVE-2011-1088 meant that security
constraints were ignored when no login configuration was present in the
web.xml and the web application was marked as meta-data complete.

Mitigation:
Users of affected versions should apply one of the following mitigations:
- Upgrade to Tomcat 7.0.12 or later
- Ensure a login configuration is defined in web.xml

Credit:
This issue was identified by the Apache Tomcat security team.

References:

http://tomcat.apache.org/security.html

http://tomcat.apache.org/security-7.html



[ANN] Apache Tomcat 7.0.12 released

The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.12.

Apache Tomcat 7.0.12 includes bug fixes and the following new features
compared to version 7.0.11:

* initial support for SPNEGO/Kerberos authentication (also referred to
as Windows authentication);
* provide a new configuration option to define a close method to call on
a JNDI resource when it is no longer required;
* optional support for pre-emptive authentication.

Please refer to the change log for the list of changes:

http://tomcat.apache.org/tomcat-7.0-doc/changelog.html

Known issues:
* HTTP pipelining is likely to fail with 505 errors with the HTTP BIO
connector (bug 50957). The other connectors (HTTP NIO, HTTP APR/native,
AJP BIO & AJP APR/native) are not affected.

Note that this version has 4 zip binaries: a generic one and three
bundled with Tomcat native binaries for Windows operating systems
running on different CPU architectures.

Downloads:

http://tomcat.apache.org/download-70.cgi

Migration guide from Apache Tomcat 5.5.x and 6.0.x:

http://tomcat.apache.org/migration.html

Thank you,

– The Apache Tomcat Team



[ANNOUNCEMENT] Apache Gora 0.1-incubating Released

Hi All,

The Gora community has released Apache Gora 0.1-incubating under the
Apache Incubator.

Apache Gora is an ORM framework for column stores such as Apache HBase
and Apache Cassandra with a specific focus on Hadoop.

The source files for the 0.1-incubating release are available at:

http://www.apache.org/dist/incubator/gora/0.1-incubating

In the next few hours, the release may not be available on all mirrors.
When downloading from a mirror site, please remember to verify the
downloads using signatures found on the Apache site:

http://www.apache.org/dist/incubator/gora//0.1-incubating/KEYS-0.1-incubating

For more information on Apache Gora, visit the project home page:

http://incubator.apache.org/gora/

Thanks,

Henry
Apache Gora 0.1-incubating Release Manager



Android Developers Blog: I think I’m having a Gene Amdahl moment

by alan
Published on: April 6, 2011
Comments: No Comments
Categories: Android / Chrome / Google

http://goo.gl/s4ncy

Sprint Extends Agreement Worth $1.2 Billion to Provide Wireline/Wireless Voice and Data Services to VHA, the Leading National Health Care Purchasing Network

by alan
Published on: April 6, 2011
Comments: No Comments
Categories: Sprint

http://newsroom.sprint.com/article_display.cfm?article_id=1856


Assurance Wireless to Aid Arkansas Residents Facing Economic Hardship with Free Cell Phone and Wireless Service


http://newsroom.sprint.com/article_display.cfm?article_id=1855

Industrial Light & Magic’s Rango Rides Into the Wild West With Help From NVIDIA Quadro

by alan
Published on: April 6, 2011
Comments: No Comments
Categories: Movies - Theatre, nVidia

http://pressroom.nvidia.com/easyir/customrel.do?easyirid=A0D622CE9F579F09&version=live&prid=741106&releasejsp=release_157&xhtml=true

How many people who work at Pixar are actually part of the movie?

Novell First to Enable Development of .NET Applications for Android using Microsoft Visual Studio

by alan
Published on: April 6, 2011
Comments: No Comments
Categories: Novell

http://www.novell.com/news/press/2011/4/novell-first-to-enable-development-of-net-applications-for-android-using-microsoft-visual-studio.html

Fixing the little things – Official Gmail Blog

by alan
Published on: April 6, 2011
Comments: No Comments
Categories: Android / Chrome / Google

http://gmailblog.blogspot.com/2011/04/fixing-little-things.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed: OfficialGmailBlog (Gmail Blog)

Oracle’s New x86 Servers Demonstrate World Record 4 Processor Performance on Industry-Standard Benchmark

by alan
Published on: April 6, 2011
Comments: No Comments
Categories: Oracle

http://www.oracle.com/us/corporate/press/354638

IBM Sets Performance Records with New eX5 Servers

by alan
Published on: April 6, 2011
Comments: No Comments
Categories: IBM

http://www-03.ibm.com/press/us/en/pressrelease/34204.wss

HP Enables Increased Productivity for Business Customers and Mobile Professionals

by alan
Published on: April 6, 2011
Comments: No Comments
Categories: Hewlett-Packard

http://www.hp.com/hpinfo/newsroom/press/2011/110406xb.html?mtxs=rss-corp-news

 

HP Advances Software Strategy with Plans for New Bay Area Facility

 


http://www.hp.com/hpinfo/newsroom/press/2011/110406a.html?mtxs=rss-corp-news

Official Google Blog: Ladies and gentlemen, start your editors! Registration now open for Google Code Jam 2011

by alan
Published on: April 6, 2011
Comments: No Comments
Categories: Android / Chrome / Google

http://goo.gl/mQxNc


Supporting our beloved science museums


http://goo.gl/s2w4o
