on 6/14/01 2:51 PM, "Ron Dumont" <[EMAIL PROTECTED]> wrote:
> Tomcat 3.1
For some reason it seems that Apple decided to ship a version of Tomcat that
has known security holes in it. :-( This version isn't even available for
easy download off of the Apache site.
Looking at the CVS/Tag files of the distribution off the Apple website, it
isn't even the TOMCAT_31_FINAL branch which would have probably been the
right version to ship. However...
>From the Tomcat website:
> Tomcat 3.1.x. The 3.1 release contained several improvements over Tomcat 3.0,
> including servlet reloading, WAR file support and added connectors for the IIS
> and Netscape web servers. The latest maintenance release, 3.1.1, contained
> fixes for security problems. There is no active development ongoing for Tomcat
> 3.1.x. Users of Tomcat 3.1 should update to 3.1.1 to close the security holes
> and they are strongly encouraged to migrate to the current production release,
> Tocmat 3.2.1.
Please send out an update to people to upgrade them to the 3.2.2 version
ASAP.
-jon stevens
--
"Open source is not available to commercial companies."
-Steve Ballmer, CEO Microsoft
<http://www.suntimes.com/output/tech/cst-fin-micro01.html>
