sunil chandran wrote: > Hello Sir, > I wish to confirm one more thing. > The issue is SSL vulnerability. from the responses, i understood that i need > to upgrade to tomcat latest version. As per the team, it is recommended to go > for Tomcat 5 in our environment. > my quesiton is: > Is this vulernability solved in tomcat 5 version? http://tomcat.apache.org/security-5.html
> Do i need to perform some additional stuff to avoid this vulnerability? No. Mark > > regardsSunil C > --- On Tue, 11/8/09, Mark Thomas <ma...@apache.org> wrote: > > From: Mark Thomas <ma...@apache.org> > Subject: Re: avoiding ssl vulnerabilities in tomcat > To: "Tomcat Users List" <users@tomcat.apache.org> > Date: Tuesday, 11 August, 2009, 4:55 PM > > sunil chandran wrote: >> Hello all, >> >> OK i will upgrade. >> But what all changes required to update to tomcat 5. >> what all changes reuired to upgrade to tomcat 4.1.40 > > You may as well do the job properly and upgrade to 6.0.20. > > For you app? No changes should be required. > > For your Tomcat configuration? Start with the clean configuration > provided with 6.0.20 and add any modifications you need. Be aware that > the config has changed in particular: > - the <Logger> element is no longer used > - Resource configuration has changed > > See the docs for the details. > > Mark > > > >> >> >> >> --- On Mon, 10/8/09, Caldarale, Charles R <chuck.caldar...@unisys.com> wrote: >> >> >> From: Caldarale, Charles R <chuck.caldar...@unisys.com> >> Subject: RE: avoiding ssl vulnerabilities in tomcat >> To: "Tomcat Users List" <users@tomcat.apache.org> >> Date: Monday, 10 August, 2009, 7:10 PM >> >> >>> From: sunil chandran [mailto:sunilonweb2...@yahoo.co.in] >>> Subject: Re: avoiding ssl vulnerabilities in tomcat >>> >>> Is there any patch provided so that i can still use the same version >>> 4.1.24 itself. >> No, you *must* upgrade. Your reluctance to do so borders on the ridiculous. >> >> - Chuck >> >> >> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY >> MATERIAL and is thus for use only by the intended recipient. If you received >> this in error, please contact the sender and delete the e-mail and its >> attachments from all computers. >> >> >> >> Send free SMS to your Friends on Mobile from your Yahoo! Messenger. Download >> Now! http://messenger.yahoo.com/download.php > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > > > Yahoo! recommends that you upgrade to the new and safer Internet > Explorer 8. http://downloads.yahoo.com/in/internetexplorer/ --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
