Thanks Mark, we were wanting to wait til 5.5.28, I will see if we can. But thanks for the steps on the build.
On Sat, Jul 25, 2009 at 3:07 AM, Mark Thomas <ma...@apache.org> wrote: > Dave Thomson wrote: > > Does anyone have any suggestions on how to apply these security patches? > Is > > it just a matter of copying the appropriate .jar files to the appropriate > > location while Tomcat is turned off? > No. > > You have two options. > > 1. Wait until 5.5.28 is released which should be in around a week and > then upgrade to 5.5.28. > > 2. Get the 5.5.27 source distribution. Apply the source code patches > listed for the vulnerabilities that affect your system. Build a local > version of Tomcat from this modified source. Upgrade to your locally > built Tomcat. > > Mark > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
