2011/9/28 Wilde, Bruce R. <bruce.r.wi...@saic.com>: > So, what are security minded system administrators to do about > mitigating CVE-2011-3190 against V6.0.33? > > From the > http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.34_( > not_yet_released) page > > "Mitigation options: > > Upgrade to Tomcat 6.0.34. [Ed. What is the expected release > date?]
or to 7.0.21 > Apply the appropriate patch. [Ed. Patch provides 2 java source > files; requiring a re-compilation] man patch svn help patch (since Subversion 1.7) Or apply it manually using your text editor of choice. > Configure both Tomcat and the reverse proxy to use a shared > secret. Read "configuration reference". Any Tomcat administrator should have done so once. > ... > Use the org.apache.jk.server.JkCoyoteHandler (BIO) AJP connector > implementation. The above one is the easiest. I would recommend it. BTW, this is the connector implementation that is used by default when you do not have "Tomcat-Native/APR" installed. That is what most users are already using by default. Regarding original question "how to build it": There are - BUILDING.txt - webapps/docs/building.html in every release. What else is needed? Best regards, Konstantin Kolinko --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
