tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Steve Downey <steve.dow...@netfolio.com>
Subject RE: [SECURITY] Security Vulnerabilities in Tomcat 3.1 and 3.2
Date Fri, 15 Dec 2000 20:12:38 GMT
If the diff between 3.1.1 and 3.1 is small, yes, they can upgrade to 3.1.1
and not to 3.2. 

That's what being in production is like.

Enough has changed between 3.1 and 3.2 that any application should go
through a full QA cycle before being moved to the new platform. Not that I
would really expect anything to show up, but it would be irresponsible not
to.  

Forcing people to take new features along with bug fixes is never a good
idea.


-----Original Message-----
From: Jon Stevens [mailto:jon@latchkey.com]
Sent: Monday, December 11, 2000 9:55 PM
To: tomcat-dev@jakarta.apache.org
Subject: Re: [SECURITY] Security Vulnerabilities in Tomcat 3.1 and 3.2


on 12/11/2000 5:59 PM, "Craig R. McClanahan" <Craig.McClanahan@eng.sun.com>
wrote:

> I'm certainly game to remove 3.1 once we know that 3.1.1 doesn't introduce
any
> nasty
> problems, but just removing 3.1 doesn't help all the thousands of people
who
> have
> apps running on 3.1 and who cannot, for various reasons, immediately
upgrade.

They can upgrade to 3.1.1 but not 3.2? Huh?

No, make people upgrade to 3.2. There are WAY to many advantages to having
3.2.

-jon

-- 
Honk if you love peace and quiet.

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
<<<<<<<This electronic mail transmission may contain confidential
information and is intended only for the person(s) named.  Any use, copying
or disclosure by any other person is strictly prohibited.  If you have
received this transmission in error, please notify the sender via
e-mail.>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>

Mime
View raw message