On 27/11/2009 11:16, Peter Crowther wrote:
2009/11/27 Dan Bagley<dan.bag...@metadatatechnology.com>:
Server version: Apache Tomcat/5.5.20
That's 2.5 years old and has a number of known security
vulnerabilities. Given that the issue is the client's security review
process, have they reviewed later 5.5.x releases and verified that the
known issues aren't a problem for them?
It would be ironic if the security review process took so long that it
actually contributed to decreasing the security of their deployment.
p
OS Name: Linux
OS Version: 2.6.9-78.0.13.ELsmp
Architecture: amd64
JVM Version: 1.5.0_16-b02
JVM Vendor: Sun Microsystems Inc.
Just to check, does your working Linux / Tomcat 6.0 system have an
identical JVM on it (and are both JVMs 32-bit, or both 64-bit)? I'm
just trying to eliminate other variables, such as JVM version and
platform.
And yep this is a customer support issue as the later versions of Tomcat
have not been approved through there security review process, so they're
unable to move onto the later versions.
I'll double check Tomcat 5.5.28, but there still may be issues with the
client moving onto this release.
Good luck! You have the misfortune of posting this on a US holiday
weekend, by the way, so you might get fewer responses than usual as
our New World friends are giving thanks for their turkeys and stuffing
;-).
- Peter
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
