JServ/GNUJSP remote unauthorized file access - 21 Feb 2002
A Remote unauthorized file access was found when GNUJSP is used with JServ. More information (and a patch for GNUJSP 1.0.0) can be found on the BugTraq mailinglist archive. A security fix for the Debian package has been announced. We will provide a security release of GNUJSP 1.0.2 soon.
GNUJSP 1.0.1 released - 8 Oct 2000 GNUJSP 1.0.1 as been released. Special thanks go to Carsten Heyl who did a lot of work on it and pushed to get this release out.
Notable changes and new features in this version are:
- support for virtual hosts and mappings under Apache + JServ
- support for Apache-style language negotiation based on extension
- new "keepJava" parameter to save generated .java files
- new "usehostname" parameter to run virtual hosts in one scratchdir
- all Throwables are caught and sent to errorPage, not just Exceptions
- better support for Win32 systems
- you need sax2.jar and openxml-1.2-w3c.jar now
- initial xml parsing support
- no more close on end of page
- no need for pagebase on apache anymore
Thanks to all the people that contributed to this release: Wes Biggs, Noel J. Bergman, Peter Rossbach, Carsten Heyl, Simon Waterhouse, Gavin Porter, Herve' Boutemy, Miles Chaston, Eugen Kuleshov, Van Marshall, Mike Hardy, Joachim Achtzehnter, Mark Wielaard, Kawamichi Ryoji, Paul Siegmann, Kent Smotherman and all the contributors to the GNUJSP mailing list. See the CHANGES file for details.
GNUJSP 1.0.1Pre1 - 21 Apr 2000 The first pre-release of GNUJSP 1.0.1 as been announced!
Please use the snapshot version - 23 Mar 2000: If you have any problems with the latest GNUJSP release (1.0.0) please try a current snapshot first. The snapshot version is quite easy to use: Download, Extract, Change the name of the jar in your config (only once when you had GNUJSP 1.0 before), change the path to the GNUJSP jars, run. Please try the snapshot! We will make a new release soon. Thanks.
GNUJSP CVS snapshots back online - 26 Oct 1999: The GNUJSP CVS Snapshot Package of Carsten Heyl is back online at http://188.8.131.52/alph/gnujsp/pkg/Welcome.html. Since it is likely to move in the future we made http://www.klomp.org/gnujsp/snapshot.html an automatic redirect to that page. The CVS version already contains some small fixes (since GNUJSP 1.0.0) for JspServlet.getResourceImpl and HTML comments. But be careful, it is experimental!
GNUJSP 1.0.0 released! - 18 Oct 1999: You can finally download GNUJSP 1.0.0. Since the old 0.9.x version are no longer supported they have moved from the GNUJSP homepage to their own (historic) GNUJSP 0.9.x page.
Last chance! - 14 Oct 1999: Carsten Heyl send a message to the mailinglist to tell that he thinks it is time for GNUJSP 1.0.0 to be released. That means last chance for contributions and fixes!
Please use the snapshots - 7 Oct 1999: If you want to try out the new GNUJSP please make sure to use the latest snapshots. A lot has changed in recent versions and old versions are no longer supported. The new code has moved (back) to the org.gjt.jsp package in CVS. And there is a new install document (but please also check the latest documentation in the snapshot jar). Enjoy!
Mailinglist back online: The troubles with the GNUJSP mailinglist were quickly solved by Tim Enders who hosts the mailinglist at the GJT (Thanks Tim!). The emergency list
firstname.lastname@example.org has been disabled.
Mailinglist troubles: The GNUJSP mailinglist
email@example.com seems to have some problems. I have set up an emergency list at
firstname.lastname@example.org. All current subscribers have been temporarily moved to the new list. If you want to (un)subscribe please email
email@example.com and I will add or remove you manually.
Old CVS snapshots removed - Use the new ones: The old CVS snapshots where removed from this page since they confused people. Please use the fresh ones at the GNUJSP CVS Snapshot Package page of Carsten Heyl (it is updated every hour!). If you want to know what has changed please look at the CHANGES file.
New fresh CVS - Every Hour: An hourly-updated-ready-to-use package of current gnujsp fresh from the CVS has been created by Carsten Heyl. The CVS-Stuff is removed, jar-file is included and the file structure is cleaned up. Is this what they call release early/release often :)
GJT CVSLet now contains all the latest changes: You can get the latest CVS snapshot via the CVSLet (click on the 'download' link which gets you a zip file). This means we won't post snapshots here anymore because the version from GJT should always be up to date. Please email me if this is inconvenient for you and like to see snapshots on this site.
Latest CVS snapshot (Sep 6 1999): There is a new CVS snapshot that includes changes by Wes Biggs that make it work with the latest JSP API. (Old snapshots removed, please get a fresh new one.)
It is all in CVS now: Wes Biggs put all the documentation, testsuites and examples from the latest 1.0b6 version in CVS and rearranged the source a bit.
Really nescessary cleanup/changes: Carsten Heyl has set up a page with GNUJSP (1.0b) addons and a testsuite.
A lot of people started hacking: Serge Nekoval has contributed an improved MailBean and Yaroslav Faybishenko brought GNUJSP light years forward to the 1.0 spec. (Hopefully we will soon merge his effort and the effort by Paul Siegmann.)
MORE NEWS: Paul Siegmann has started an experimental branch to upgrading GNUJSP to version 1.0 of the JSP specification.
NEWS: Since a couple of people indicated that they wanted to work on GNUJSP we have set up a GNUJSP Patches page. We hope this will help people to work on the options that Vincent mentioned above.
A few months ago Vincent Partington (the original maintainer of GNUJSP) wrote:
N.B.: Due to a busy daytime job and changed interests I have decided to not continue development of GNUJSP, which means I won't implement a JSP 1.0 compliant version of GNUJSP. A lot of people have asked me about this, and I have thought about this long and hard. In the end I concluded my heart was not completely in it, and that would not be good for the quality of such a piece of software.
It has been a fun year, with lots of nice and encouraging emails from all of you, and a positive atmosphere in the JSP community. Thank you all for that! Maybe the readers of the GNUJSP mailing list will cooperate and build a JSP 1.0 compliant version, maybe the Jakarta project will be able to use the GNUJSP code, maybe someone will do a complete rewrite. All options are open, that's what free software is all about!
As you can see above this does not mean the end of GNUJSP since a lot of people fix and upgrade GNUJSP now.