Releases 5.1.10 and 4.2.15 of Jetty are available via
http://jetty.mortbay.orgThese release fix a security flaw that allows a crafted URL to access the contents
of WEB-INF on win32 platform.
Jetty-5.1.10 - 5 January 2005
+ Fixed path aliasing with // on windows.
+ Fix for AJP13 with multiple headers
+ Fix for AJP13 with encoded path
+ Remove null dispatch attributes from getAttributeNames
+ Put POST content default back to iso_8859_1. GET is UTF-8 still
Jetty-4.2.25 - 4 Jan 2006
+ Fixed aliasing of // for win32
-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click_______________________________________________
Jetty-support mailing list
Jetty-support@...
https://lists.sourceforge.net/lists/listinfo/jetty-support
