tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mike Anderson" <MMAND...@novell.com>
Subject Re: [SECURITY] Security Vulnerabilities in Tomcat 3.1 and 3.2
Date Tue, 12 Dec 2000 17:28:12 GMT


>>> Craig.McClanahan@eng.sun.com 12/11/00 06:19PM >>>
>Over the last three days, a review of published and soon-to-be-published reports
>of security vulnerabilities in Tomcat has uncovered a series of problems in the
>3.1 final release, and a couple of less serious (but still significant) problems
>in 3.2.  Please vote (quickly) on the following two issues:
>
>
>Proposal #1:  Release a Tomcat 3.1.1 that fixes *only* the security problems
>. . . .

+1

>Proposal #2:  Release a Tomcat 3.2.1 that fixes the following security problems
>plus the patches committed to date.
>. . .

+1

If possible, I would like to see the two patches that I posted (and sent to Craig) for
NetWare in the 3.2.1 build.  They only affect the native connectors on NetWare, 
but there are several people inside and outside of Novell that are starting to use
Tomcat 3.2.  If not, I'll try and keep as many of these as I know about up to date
with what I build until the patches are checked in.  Either way, security fixes are
more important.

> Craig

Mike Anderson
Senior Software Engineer
Platform Services Group
mmanders@novell.com
Novell, Inc., the leading provider of Net services software
www.novell.com

Mime
View raw message