tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Craig R. McClanahan" <Craig.McClana...@eng.sun.com>
Subject Re: [SECURITY] Security Vulnerabilities in Tomcat 3.1 and 3.2
Date Tue, 12 Dec 2000 01:59:35 GMT
Hans Bergsten wrote:

> "Craig R. McClanahan" wrote:
> > [...]
> > Proposal #1:  Release a Tomcat 3.1.1 that fixes *only* the security problems
>
> +0. Is removing TC 3.1 from the download pages an alternative? There shouldn't
> be any reason for anyone to use TC 3.1 now when 3.2 is released. Upgrading to
> 3.2.1 could be the recommended action for all TC 3.1 users that need to plug
> the security holes.
>

I'm certainly game to remove 3.1 once we know that 3.1.1 doesn't introduce any nasty
problems, but just removing 3.1 doesn't help all the thousands of people who have
apps running on 3.1 and who cannot, for various reasons, immediately upgrade.

>
> > Proposal #2:  Release a Tomcat 3.2.1 that fixes the following security problems
> > plus the patches committed to date.
>
> +1
>
> Hans

Craig



Mime
View raw message