Niki Diulgerov wrote: > Mark, > I used the build.xml downloaded from here > (http://tomcat.apache.org/tomcat-5.5-doc/build.xml). > Looking at it I can see that it checks out > http://svn.apache.org/repos/asf/tomcat/current/tc5.5.x (probably the > latest available revision).
Correct, that is the latest version of the 5.5.x branch. > Please advice me does it contain the latest approved patches or also the > latest applied (but still not approved) patches. That is the latest 5.5.x code and all patches have been voted for by at least 3 committers but that is not the same as an approved ASF release. We run a number of tests, primarily the Servlet and JSP TCKs to ensure spec compatibility. Releases also go through a number of other checks. > Should I change something in the build.xml script or I should manually > checkout from different location (or different revision but not the head > one) > > The idea is to check out the latest 5.5.x version with approved bugfixes > and to build tomcat, cause on tomcat.apache.org the binaries are from 2008. You have: - the latest 5.5.x code - all the recent security fixes - a number of bug fixes - see the change log - *no* guarantee that the build is spec compliant - something that is halfway between 5.5.27 and 5.5.28 Mark > > > > Best regards, > > Nikolay Diulgerov > Network Administrator > > > Mark Thomas wrote: >> Niki Diulgerov wrote: >> >>> After doing some reading of the documentation I found that these bugs >>> are fixed in the SVN repository. Also checking out the latest source I >>> can see that it is revision (Checked out revision 787991) and tomcat is >>> with version 5.5.28. >>> Following the simple instructions on the site >>> (http://tomcat.apache.org/tomcat-5.5-doc/building.html) anyone can build >>> the latest release and get version with these bugs fixed. >>> >> >> Just be aware that although what you download from svn today may call >> itself 5.5.28, there may be other changes made before 5.5.28 is tagged. >> >> If you want to work with the same source code as we used to build the >> release, you need to checkout the tag rather than trunk. >> >> Mark >> >> >>> >>> >>> Best regards, >>> >>> Nikolay Diulgerov >>> Network Administrator >>> >>> >>> >>> >>> David kerber wrote: >>> >>>> Niki Diulgerov wrote: >>>> >>>>> Hello there, >>>>> recently I'm reading in the security news channels that there are >>>>> discovered "multiple vulnerabilities" in tomcat and almost all >>>>> versions are affected. >>>>> For example these news from today: >>>>> http://www.linuxsecurity.com/content/view/149201?rdf >>>>> >>>>> On the other side, I can see that the latest version of tomcat is >>>>> 5.5.27 and the package is created in 2008 (06-Sep). >>>>> >>>>> Are there any fixes, or some new version comes soon? Does someone >>>>> know something about this. >>>>> >>>>> >>>> I asked this question a couple of weeks ago, and they said that the >>>> fix in the TC6 line is already done in 6.0.20, and the TC5.5 and TC4 >>>> lines will have this fixed in the not-too-distant future. >>>> >>>> D >>>> >>>> >>>> >>>> --------------------------------------------------------------------- >>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>>> For additional commands, e-mail: users-h...@tomcat.apache.org >>>> >>>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>> For additional commands, e-mail: users-h...@tomcat.apache.org >>> >>> >> >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
