From 2d0baff5f5c1f774deae58c891714c3749a0c7e7 Mon Sep 17 00:00:00 2001 From: Ernst de Haan Date: Thu, 10 Oct 2002 22:51:09 +0000 Subject: Upgrade to Tomcat 4.0.6, released on 9 October 2002. From the News & Status page: A security vulnerability has been confirmed to exist in Apache Tomcat 4.0.x releases (including Tomcat 4.0.5), which allows to use a specially crafted URL to return the unprocessed source of a JSP page, or, under special circumstances, a static resource which would otherwise have been protected by security constraint, without the need for being properly authenticated. This is based on a variant of the exploit that was disclosed on 09/24/2002. See: http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.6/RELEASE-NOTES --- www/jakarta-tomcat4/Makefile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'www/jakarta-tomcat4/Makefile') diff --git a/www/jakarta-tomcat4/Makefile b/www/jakarta-tomcat4/Makefile index a243dad33889..f3f2b6595309 100644 --- a/www/jakarta-tomcat4/Makefile +++ b/www/jakarta-tomcat4/Makefile @@ -6,8 +6,7 @@ # PORTNAME= jakarta-tomcat -PORTVERSION= 4.0.5 -PORTREVISION= 2 +PORTVERSION= 4.0.6 CATEGORIES= www java MASTER_SITES= http://jakarta.apache.org/builds/jakarta-tomcat-${PORTVERSION:R}/release/v${PORTVERSION}/bin/ \ http://www.metaverse.nl/~ernst/ \ -- cgit v1.2.3