geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeff Genender <jgenen...@apache.org>
Subject Re: Fw: geronimo 1.0 - CSS vulnerabilities
Date Tue, 17 Jan 2006 19:13:54 GMT
Dave,

By all means...go for it! ;-)

Jeff

Dave Colasurdo wrote:
> Jeff Genender wrote:
>>
>>>
>>> Since Tomcat claims to fix this in v5.5.7, we may have to implement the
>>> tactical solution in our apps till we move to Tomcat 5.5.7.
>>
>>
>> We currently use 5.5.9, so I would assume this has been tended too.  Has
>> anybody examined this to be the case (or not)?
>>
> 
> Ran a quick test with various levels of Tomcat.  The vulnerability was
> fixed in Tomcat 5.5.7 though seems to have reared it's head again in
> Tomcat 5.5.9 and 5.5.12.
> 
> Jeff, Are you planning to pursue with the Tomcat folks or do I need to
> post to their user mailing list?
> 
> Thanks
> -Dave-
> 
> 

Mime
View raw message