libapache-mod-jk 1:1.2.49-1 source package in Ubuntu
Changelog
libapache-mod-jk (1:1.2.49-1) unstable; urgency=high
* New upstream version 1.2.49.
- Fix CVE-2023-41081:
The mod_jk component of Apache Tomcat Connectors in some circumstances,
such as when a configuration included "JkOptions +ForwardDirectories" but
the configuration did not provide explicit mounts for all possible
proxied requests, mod_jk would use an implicit mapping and map the
request to the first defined worker. Such an implicit mapping could
result in the unintended exposure of the status worker and/or bypass
security constraints configured in httpd. As of JK 1.2.49, the implicit
mapping functionality has been removed and all mappings must now be via
explicit configuration. (Closes: #1051956)
Thanks to Salvatore Bonaccorso for the report.
-- Markus Koschany <email address hidden> Fri, 15 Sep 2023 00:25:01 +0200
Upload details
- Uploaded by:
- Debian Java Maintainers
- Uploaded to:
- Sid
- Original maintainer:
- Debian Java Maintainers
- Architectures:
- any all
- Section:
- httpd
- Urgency:
- Very Urgent
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| libapache-mod-jk_1.2.49-1.dsc | 2.5 KiB | 2117d18c98b709010d8568e820be14f646c3572a8432e719b3f790f80352053b |
| libapache-mod-jk_1.2.49.orig.tar.gz | 1.6 MiB | 43cb0283c92878e9d4ef110631dbd2beb6b55713c127ce043190b2b308757e9c |
| libapache-mod-jk_1.2.49.orig.tar.gz.asc | 873 bytes | ba9d62262983873aa780aea48332c98b76f888c95016bb50a6ab7ca7497758e3 |
| libapache-mod-jk_1.2.49-1.debian.tar.xz | 59.3 KiB | f9e2e1542761c272019cea95ec94941c7f1e304c2bbb1ba89dac9f76a1ea5598 |
Available diffs
- diff from 1:1.2.48-2 to 1:1.2.49-1 (2.0 MiB)
No changes file available.
Binary packages built by this source
- libapache-mod-jk-doc: Documentation of libapache2-mod-jk package
Documentation and examples of the Apache jk connector for the Tomcat
Java servlet engine.
.
For uptodate documentation about Tomcat connectors please take a look
at the home page at http://tomcat. apache. org/connectors- doc/.
- libapache2-mod-jk: Apache 2 connector for the Tomcat Java servlet engine
Apache Tomcat is the reference implementation for the Java Servlet and
JavaServer Pages (JSP) specification from the Apache Jakarta project.
.
This package contains an Apache 2 module (mod_jk) to forward requests
from Apache to Tomcat using the AJP 1.3 or 1.4 protocol. It can either
talk to Tomcat on the local machine or to a remote engine using TCP.
- libapache2-mod-jk-dbgsym: debug symbols for libapache2-mod-jk
