 |
CVE-2007-0774: A denial of service and critical remote code execution vulnerability, caused by a buffer overflow in map_uri_to_worker() when URLs were longer than 4095 bytes. Reported by ZDI (www.zerodayinitiative.com). Please note this issue only affected versions 1.2.19 and 1.2.20 of the Apache Tomcat JK Web Server Connector and not previous versions. Tomcat 5.5.20 and Tomcat 4.1.34 included a vulnerable version in their source packages. Other versions of Tomcat were not affected. |
 |
Check that the configuration is correct before startup, and stop the startup process if the configuration is wrong. (jfclere) |
 |
41439: Allow session IDs to get stripped off URLs of static content in Apache by adding JkStripSession directive (configurable per vhost). (mturk) |
 |
Change semantics of empty defaults for JkEnvVar variables. Until 1.2.19: not allowed. In 1.2.20: send variables as empty strings if they are neither set to non-empty in the config nor set during runtime. Starting with 1.2.21: if the config has no second argument, only send the variable if it is set (even when set to an empty string) during runtime. Allows good combination with the condition attribute in the Tomcat access log. (rjung) |
 |
41610: Fix incorrect detection of missing Content-Length header leading to duplicate headers. Contributed by Boris Maras. (rjung) |
 |
Better build support for SunONE (Netscape/iPlanet) webservers. (jim) |
 |
When parsing urlworkermap.properties, warn about duplicate URL mapping configurations. (rjung) |
 |
Don't concatenate worker names if uriworkermap.properties has a duplicate pattern; overwrite the worker instead. (rjung) |
 |
Log deprecation message even in duplication case. (rjung) |
 |
uriworkermap.properties: Fix off-by-one problem when deleting URL mapping during reloading of uriworkermap.properties. (rjung) |
 |
41439: Allow session IDs to get stripped off URLs of static content in IIS (configurable). (rjung) |
 |
41333: Refactoring isapi_plugin configuration reading. (rjung) |
 |
41332: Add some more errno logging and unify the format. (rjung) |
 |
JkStatus: Improved logging by adding status worker name to messages. Added messages to the recover worker action. (rjung) |
 |
JkStatus: Refactoring searching for workers and sub workers. (rjung) |
 |
41318: Add configuration to make status worker user name checks case insensitive. (rjung) |
 |
JkStatus: Add estimated time until next global maintenance to other mime types and adopt jkstatus ant task. (rjung) |
 |
JkStatus: Show estimated time until next global maintenance. Change displayed time until next recovery to a min/max pair. (rjung) |
 |
JkStatus: Allow a user of a read/write status worker to switch it to and from read_only mode temporarily. (rjung) |
 |
JkStatus: Do not show read/write commands in a read_only status worker. (rjung) |
 |
JkStatus: Allow lb sub workers in error state to be marked for recovery administratively from the status worker. (rjung) |
 |
Load Balancer: Do not try to recover multiple times in parallel. Use additional runtime states "PROBE" and "FORCED". (rjung) |
 |
JkStatus: Improve the performance of data synchronization between different processes. (rjung) |
 |
41381: Fix segfault in feature fail_on_status (wrong order of log arguments). Patch by Juri Haberland. (rjung) |
 |
Use correct Windows line endings for log file on WIN32 platform. (rjung) |