tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Steve Downey <>
Subject RE: [SECURITY] Security Vulnerabilities in Tomcat 3.1 and 3.2
Date Fri, 15 Dec 2000 20:12:38 GMT
If the diff between 3.1.1 and 3.1 is small, yes, they can upgrade to 3.1.1
and not to 3.2. 

That's what being in production is like.

Enough has changed between 3.1 and 3.2 that any application should go
through a full QA cycle before being moved to the new platform. Not that I
would really expect anything to show up, but it would be irresponsible not

Forcing people to take new features along with bug fixes is never a good

-----Original Message-----
From: Jon Stevens []
Sent: Monday, December 11, 2000 9:55 PM
Subject: Re: [SECURITY] Security Vulnerabilities in Tomcat 3.1 and 3.2

on 12/11/2000 5:59 PM, "Craig R. McClanahan" <>

> I'm certainly game to remove 3.1 once we know that 3.1.1 doesn't introduce
> nasty
> problems, but just removing 3.1 doesn't help all the thousands of people
> have
> apps running on 3.1 and who cannot, for various reasons, immediately

They can upgrade to 3.1.1 but not 3.2? Huh?

No, make people upgrade to 3.2. There are WAY to many advantages to having


Honk if you love peace and quiet.

<<<<<<<This electronic mail transmission may contain confidential
information and is intended only for the person(s) named.  Any use, copying
or disclosure by any other person is strictly prohibited.  If you have
received this transmission in error, please notify the sender via

View raw message