----- Original Message ----- From: "Bojan Smojver" <[EMAIL PROTECTED]> To: "Tomcat Developers List" <[EMAIL PROTECTED]> Sent: Wednesday, January 09, 2002 5:26 PM Subject: Re: Dealing with the Tomcat 3.3 "aux.jsp" DOS problem and a Tomcat 3. 3.1 release
> [EMAIL PROTECTED] wrote: > > > So far the changes in 3.3 tree were only bug fixes and > > what I've seen so far was pretty clear and simple - > > I think the head of 3.3 is as good or better than 3.3.0. > > > There were a few new features as well (at least STM pooling and > SSLSessionID checks), but they should be either fairly safe (STM > pooling) or turned off by default (SSLSessionID's). I agree that the > current CVS version of 3.3 is better then the released 3.3. Many bugs > have been fixed. And let's not forget PureTLS support. > > > > We could also take 3.3.0, replace tomcat_utils.jar > > and label it 3.3.1 - and then in 2-3 weeks release > > 3.3.2 with te head. > > > Why don't we just say that due to recently discovered security issues, > the release schedule has been changed and 3.3.1 is out with the latest > security fixes. Then 3.3.2 gets released later in an orderly fashion. > This would be my preference. There are currently 18 bugs open against 3.3 (about half of them having to do with connectors). It would be nice to get a chance to close them before 3.3.2. > > > But I'm +1 on whatever you choose. Let me know if/how > > I can help - I don't have time but I could sleep less :-) > > > I concur with Costin here. Your pick is +1. me2 > > Bojan > > > -- > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
