suresh babu yella <suresh.b.ye...@gmail.com> wrote: >Hi Dan, > >We might consider for upgrading the tomcat later, due to to >supportability >concerns from Autonomy we cannot upgrade it to any of the higher >version. > >but right now we are looking to apply the fix for all CVE's we >identified, >it will be great if you can let me know the procedure.
The only available procedure is to upgrade. We do not provide patches for old releases. Mark > >Thanks >Suresh > > >On Wed, May 8, 2013 at 10:11 AM, Daniel Mikusa ><dmik...@gopivotal.com>wrote: > >> On May 8, 2013, at 12:11 PM, suresh babu yella wrote: >> >> > We are using tomcat 6.0.18 and we found below number of Common >> > Vulnerabilities and Exposures (CVE). >> >> Not surprising given the version that you are using. Latest version >is >> 6.0.37. >> >> > >> > High Vulns: 98 >> > >> > Medium Vulns: 50 >> > >> > Low Vulns: 6 >> > We cannot upgrade/patch any of those components due to >supportability >> > concerns from Autonomy. >> > >> > How can I apply a fix for all the CVE, I see the build instructions >in >> > below link but I was looking for applying the fixes without >upgrade. >> >> You should really consider upgrading. Why are you so opposed to >upgrading? >> >> Dan >> >> > >> > Security - >> > >> >http://tomcat.apache.org/security-6.html#Apache_Tomcat_6.x_vulnerabilities >> > Build Instructions - >> http://tomcat.apache.org/tomcat-6.0-doc/building.html >> > >> > >> > Thanks >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
