>>> [EMAIL PROTECTED] 12/11/00 06:19PM >>> >Over the last three days, a review of published and soon-to-be-published reports >of security vulnerabilities in Tomcat has uncovered a series of problems in the >3.1 final release, and a couple of less serious (but still significant) problems >in 3.2. Please vote (quickly) on the following two issues: > > >Proposal #1: Release a Tomcat 3.1.1 that fixes *only* the security problems >. . . . +1
>Proposal #2: Release a Tomcat 3.2.1 that fixes the following security problems >plus the patches committed to date. >. . . +1
If possible, I would like to see the two patches that I posted (and sent to
Craig) for
NetWare in the 3.2.1 build. They only affect the native connectors on
NetWare,
but there are several people inside and outside of Novell that are starting
to use
Tomcat 3.2. If not, I'll try and keep as many of these as I know
about up to date
with what I build until the patches are checked in. Either way,
security fixes are
more important.
> Craig Mike Anderson
Senior Software Engineer
Platform Services Group
Novell, Inc., the leading provider of Net services software
|
- Re: [SECURITY] Security Vulnerabilities in Tomcat... Craig R. McClanahan
- Re: [SECURITY] Security Vulnerabilities in Tomcat 3.1 ... Glenn Nielsen
- Re: [SECURITY] Security Vulnerabilities in Tomcat... Craig R. McClanahan
- Re: [SECURITY] Security Vulnerabilities in To... Glenn Nielsen
- RE: [SECURITY] Security Vulnerabilities in Tomcat 3.1 ... Larry Isaacs
- RE: [SECURITY] Security Vulnerabilities in Tomcat 3.1 ... GOMEZ Henri
- RE: [SECURITY] Security Vulnerabilities in Tomcat 3.1 ... Brett Bergquist
- Re: [SECURITY] Security Vulnerabilities in Tomcat 3.1 ... Arieh Markel
- RE: [SECURITY] Security Vulnerabilities in Tomcat 3.1 ... Mike Anderson
- RE: [SECURITY] Security Vulnerabilities in Tomcat 3.1 ... Steve Downey