geronimo-dev mailing list archives

From Joe Bohn
Subject Tomcat webdav issue and Geronimo 2.1
Date Fri, 07 Dec 2007 19:44:15 GMT

I was just looking into updating Tomcat for the Geronimo 2.1 release
with an eye toward getting a fix integrated for the WebDAV servlet
security issue.

There are 3 possible approaches:

1) Apply the WebDAV patch to the 6.0.13 image with the annotation
changes and one other minor change (basically our current 6.0.13_G543818
build plus the WebDAV fix).  Check this into our private repository in

2) Check out 6.0.14, apply the WebDAV patch and annotation changes.
Check this into our private repository in trunk.

3) Check out Tomcat trunk (6.0.x), which already includes the WebDAV patch
but not the annotation changes.  Apply the annotation changes for our
private build and check it into our repository in trunk.

I personally think #2 is probably best, although it might expose some
other issues in Tomcat.  We could always fall back to #1 if necessary.
There was an attempt made at a Tomcat 6.0.15 a few weeks back but it
failed due to some context and TCK issues ... hence my reservations with
6.0.x since it probably has those same issues.

Does anybody have any concerns with this approach or any better suggestions?

