On 10/10/2010 20:32, Brian wrote: > I'm not using Jrun, but I guess the vulnerability applies also to Tomcat > 6.0.29 so they treated me as if I was using Jrun with that vulnerability.
That guess has no basis in fact. > Does anybody know what should I do to solve this now? There is nothing to fix unless you are running an app that is vulnerable (possible if the app manages its own authentication). If you are, fix your app. > I guess they are talking about this issue (please read issue # 2): > http://www.developer.com/java/web/article.php/3904871/Top-7-Features-in-Tomcat-7-The-New-and-the-Improved.htm Did you look at the Tomcat 6.0.x change log? Go read the entries for 6.0.21. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
