geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kevan Miller <kevan.mil...@gmail.com>
Subject Re: Tomcat webdav issue and Geronimo 2.1
Date Fri, 07 Dec 2007 20:42:22 GMT

On Dec 7, 2007, at 2:44 PM, Joe Bohn wrote:

>
> I was just looking into updating Tomcat for the Geronimo 2.1 release  
> with an eye toward getting a fix integrated for the Webdav servlet  
> security issue.
>
> There are 3 possible approaches:
>
> 1) Apply the Webdav patch to the 6.0.13 image with the annotation  
> changes and one other minor change (basically our current  
> 6.0.13_G543818 build plus the WebDav fix).  Check this into our  
> private repository in trunk.
>
> 2) Checkout 6.0.14, apply the Webdav patch and annotation changes.  
> Check this into our private repository in trunk.
>
> 3) Checkout tomcat trunk (6.0.x) which already includes the Webdav  
> patch but not the annotation changes.  Apply the annotation changes  
> for our private build and check it into our repository in trunk.
>
> I personally think #2 is probably best although it might expose some  
> other issues in tomcat.  We could always fall back to #1 if  
> necessary. There was an attempt made at a tomcat 6.0.15 a few weeks  
> back but it failed due to some context and tck issues ... hence my  
> reservations with 6.0.x since it probably has those same issues.

OK. Good, I think, to upgrade to 6.0.14. So, I like your plan # 2.

--kevan

Mime
View raw message