Apache Tomcat 7.0.21 has been released and is available for immediate download from http://tomcat.apache.org/download-70.cgi
Mark Thomas notes on the Tomcat Users list:
"Apache Tomcat 7.0.21 includes security fixes, bug fixes and new features compared to version 7.0.20 including:
- A fix for CVE-2011-3190 that allowed an attacker to inject requests when Tomcat was configured behind a reverse proxy using the AJP protocol.
- Multiple additions and improvements to the memory leak detection/prevention features.
- Improved validation of received AJP messages.
Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html"
- A fix for CVE-2011-3190 that allowed an attacker to inject requests when Tomcat was configured behind a reverse proxy using the AJP protocol.
- Multiple additions and improvements to the memory leak detection/prevention features.
- Improved validation of received AJP messages.
Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html"
