Apache TomcatApache Logo

The Apache Tomcat Connector

Documentation Index

Introduction

This is the top-level entry point of the documentation bundle for the Apache Tomcat Connectors

Select one of the links from the navigation menu (to the left) to drill down to the more detailed documentation that is available. Each available manual is described in more detail below.

Headlines

  • 1 March 2007 - JK-1.2.21 released

    The Apache Tomcat team is proud to announce the immediate availability of Tomcat Connectors 1.2.21 Stable.

    This version addresses the security flaw:
    CVE-2007-0774 A Long URL Stack Overflow Vulnerability exists in the URI handler for the mod_jk library. When parsing a long URL request, the URI worker map routine performs an unsafe memory copy. This results in a stack overflow condition which can be leveraged execute arbitrary code.

    Please note this issue only affected versions 1.2.19 and 1.2.20 of the JK Apache Tomcat Connector and not previous versions. Tomcat 5.5.20 and Tomcat 4.1.34 included a vulnerable version in their source packages. No other source code releases and no binary packages of Tomcat were affected.

    The Apache Tomcat project recommends that all users who have built mod_jk from source apply the patch or upgrade to the latest level and rebuild. Providers of mod_jk-based modules in pre-compiled form will be able to determine if this vulnerability applies to their builds. That determination has no bearing on any other builds of mod_jk, and mod_jk users are urged to exercise caution and apply patches or upgrade unless they have specific instructions from the provider of their module.

    The Tomcat Project thanks an anonymous researcher working with TippingPoint (www.tippingpoint.com) and the Zero Day Initiative (www.zerodayintiative.com) for their responsible reporting of this vulnerability.

    Download the JK 1.2.21 release sources | PGP signature

    Download the binaries for selected platforms.

  • 10 December 2006 - JK-1.2.20 released

    The Apache Tomcat team is proud to announce the immediate availability of Tomcat Connectors 1.2.20 Stable.

    Download the JK 1.2.20 release sources | PGP signature

    Download the binaries for selected platforms.

  • 17 September 2006 - JK-1.2.19 released

    The Apache Tomcat team is proud to announce the immediate availability of Tomcat Connectors 1.2.19 Stable.

    Download the JK 1.2.19 release sources | PGP signature

    Download the binaries for selected platforms.

Reference Guide

  • workers.properties

    A Tomcat worker is a Tomcat instance that is waiting to execute servlets on behalf of some web server. For example, we can have a web server such as Apache forwarding servlet requests to a Tomcat process (the worker) running behind it.

    This page contains detailed description of all workers.properties directives.

  • uriworkermap.properties

    The forwarding of requests from the web server to tomcat gets configured by defining mapping rules. The so-called uriworkermap file is a mechanism of defining those rules.

  • Apache

    This page contains detailed description of all directives related to Apache web server.

  • IIS

    This page contains detailed description of all IIS directives.

Generic HowTo

  • Quick Start

    This page describes the configuration files used by JK on the Web Server side for the 'impatients'.

  • All about workers

    This page contains an overview about the various aspects of defining and using workers.

  • Load Balancing

    This page contains an introduction on load balancing with JK.

Webserver HowTo

These pages contain detailed descriptions of how to build and install JK for the various web servers.

AJP Protocol Reference

  • AJPv13

    This page describes the Apache JServ Protocol version 1.3 (hereafter ajp13).

  • AJPv13 Extension Proposal

    This page describes an extension proposal for ajp13.

Miscellaneous documentation

News

Release news from various years.

Copyright © 1999-2005, Apache Software Foundation