Re: [SECURITY] Security Vulnerabilities in Tomcat 3.1 and 3.2

[Craig R. McClanahan]

Glenn Nielsen wrote:

> Very shortly I will have some updated documents for configuring Tomcat to use
> the Java SecurityManager under various flavors of MS Windows.  I would like
> to get this into the 3.2.1 release.
>
> +1 If you can hold off a day so I can get these documents updated
>

I would be really uncomfortable holding off security related fixes for "feature"
improvements (or even bug fixes), when we can roll a 3.2.2 release as soon as the
changes are committed and tested.  Keep in mind that we're bypassing the usual "beta
test" period if we release 3.2.1 ASAP, so adding lots of things creates some measure
of risk.


> Regards,
>
> Glenn
>

Craig

PS:  Thanks to Arieh for catching my stupid typo in the fixes for META-INF and WEB-INF
checking ... I will make sure those are repaired before cutting the real releases.