[Jetty-support] Release 5.1.10 and 4.2.15 - Security issue on win32

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

[Jetty-support] Release 5.1.10 and 4.2.15 - Security issue on win32

Greg Wilkins-5

Releases 5.1.10 and 4.2.15 of Jetty are available via http://jetty.mortbay.org

These release fix a security flaw that allows a crafted URL to access the contents
of WEB-INF on win32 platform.  

Jetty-5.1.10 - 5 January 2005
 + Fixed path aliasing with // on windows.
 + Fix for AJP13 with multiple headers
 + Fix for AJP13 with encoded path
 + Remove null dispatch attributes from getAttributeNames
 + Put POST content default back to iso_8859_1. GET is UTF-8 still

Jetty-4.2.25 - 4 Jan 2006
 + Fixed aliasing of // for win32

This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
Jetty-support mailing list
[hidden email]