2008/10/23 Gozde Aytan <[EMAIL PROTECTED]>: > Dear Mr. Crowther, > > Thank you for your quick response. We are using JDK 1.6.0_07. I do not have > any idea about those vulnerabilities. I just follow the link: > http://tomcat.apache.org/security-5.html and search for the vulnerabilities > that are fixed in Tomcat 5.5.27 one by one and found the items that I've > listed in my previous mail. Are those vulnerabilities fixed in 5.5.27 also > related to Java? I just wanted to know, if we need to upgrade the Tomcat or > not and for this decision I need to test these vulnerabilities somehow. >
The issues that you listed ( 1) .. 10) ) are not from http://tomcat.apache.org/security-5.html There are 4 issues that were fixed in 5.5.27, and all of them are listed on that page, and two of them are important ones. If more information is required, follow the links or search the mailing list archive. Also, the following issue is present in 5.5.26, but fixed in 5.5.27: https://issues.apache.org/bugzilla/show_bug.cgi?id=44494 Best regards, Konstantin Kolinko --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
