Hans Bergsten wrote: > "Craig R. McClanahan" wrote: > > [...] > > Proposal #1: Release a Tomcat 3.1.1 that fixes *only* the security problems > > +0. Is removing TC 3.1 from the download pages an alternative? There shouldn't > be any reason for anyone to use TC 3.1 now when 3.2 is released. Upgrading to > 3.2.1 could be the recommended action for all TC 3.1 users that need to plug > the security holes. > I'm certainly game to remove 3.1 once we know that 3.1.1 doesn't introduce any nasty problems, but just removing 3.1 doesn't help all the thousands of people who have apps running on 3.1 and who cannot, for various reasons, immediately upgrade. > > > Proposal #2: Release a Tomcat 3.2.1 that fixes the following security problems > > plus the patches committed to date. > > +1 > > Hans Craig
- [SECURITY] Security Vulnerabilities in Tomcat 3.1 and ... Craig R. McClanahan
- Re: [SECURITY] Security Vulnerabilities in Tomcat... Remy Maucherat
- Re: [SECURITY] Security Vulnerabilities in Tomcat... Hans Bergsten
- Re: [SECURITY] Security Vulnerabilities in To... Craig R. McClanahan
- Re: [SECURITY] Security Vulnerabilities i... Jon Stevens
- [PATCH] Jakarta site release page (was: [SECU... Kief Morris
- Re: [SECURITY] Security Vulnerabilities in Tomcat... Jon Stevens
- Re: [SECURITY] Security Vulnerabilities in Tomcat... Nick Bauman
- Re: [SECURITY] Security Vulnerabilities in To... Craig R. McClanahan
- Re: [SECURITY] Security Vulnerabilities in Tomcat... Glenn Nielsen
- Re: [SECURITY] Security Vulnerabilities in To... Craig R. McClanahan
- Re: [SECURITY] Security Vulnerabilities i... Glenn Nielsen
- RE: [SECURITY] Security Vulnerabilities in Tomcat... Larry Isaacs
