Timothy Wonil Lee wrote: > I am especially interested in those two session hijacking vulnerability > fixes. Are they included in 5.5.25? Yes.
> Second question is: if they are fixed in 5.5.25, is it possible to just drop > in the Jar files (catalina.jar?) to the current production Tomcat server/lib > (it's 5.5.23) to apply the security fixes? It *might* appear to work but this is a very risky approach. > (I guess i'd have to restart Tomcat still) If you did this, yes you'd have to restart Tomcat > Or must I re-install the whole package? This is by far the better option. Mark --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
