Posts

Showing posts from December, 2012

Apache Tomcat 7.0.34 Released

The Apache Tomcat team have announced the release of Tomcat 7.0.34.

"This release contains a small number of bug fixes and improvements compared to version 7.0.33. The notable changes include:
- Improvements to the AccessLogValve to better handle non-standard DST changes and to provide option for the current access log to have a standard name.
- Fix various JMX registration and deregistration issues.
- Update the Eclipse JDT compiler to 4.2.1"

The new release of Tomcat can be downloaded from the project's download site. Full release notes can be found in the Changelog.

Apache Tomcat Security Advisories

The Apache Tomcat team has announced 3 new security advisories for Apache Tomcat versions 6 and 7. All three of these advisories are classified as important, meaning that users should upgrade to an appropriate version of Tomcat. The advisories are:
- CVE-2012-4534 Apache Tomcat denial of service
- CVE-2012-3546 Apache Tomcat Bypass of security constraints
- CVE-2012-4431 Apache Tomcat Bypass of CSRF prevention filter

CVE-2012-4534 Apache Tomcat denial of service

"When using the NIO connector with sendfile and HTTPS enabled, if a client breaks the connection while reading the response an infinite loop is entered leading to a denial of service."

Users are advised to upgrade to Tomcat version 7.0.28 or later (or 6.0.36 or later for Tomcat 6 users).

CVE-2012-3546 Apache Tomcat Bypass of security constraints

"When using FORM authentication it was possible to bypass the security constraint checks in the FORM authenticator by appending "/j_security_check" to ...