Amit,

On 9/7/2011 2:30 PM, Anand, Amit (Contractor) wrote:
> Kinda new to tomcat but have a couple quick questions which came
> up regarding CVE-2011-3109 (Bug 51698).
>
> Any timeline to when stable release of 6.0.34 is supposed to be
> released?

Officially, it's "ready when it's ready". Given that this is classified as an "important" fix, I suspect that 6.0.34 will have a smaller lag time since 6.0.33 than 6.0.33 did from 6.0.32 (which was about 6.5 months).

> Also what does "in trunk" specifically mean? Does that mean if I
> download say version 6.0.29 as of now, it will have the fix?

Certainly not. What it means is that it will appear in the next release of the 6.0.x line of Tomcats which should be 6.0.34.

I've been trying to determine if using an AJP "secret" will thwart this kind of attack. I suspect it will, but I can't get my TC to take a secret just now (see my post under separate cover).

-chris