tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Punky Tse" <punky...@yahoo.com>
Subject Re: Tomcat 4.0-beta-2 Security Vulnerability
Date Tue, 03 Apr 2001 01:44:52 GMT

And I think it is also good to state in the mail-announcement and in the
jakarta website that the b2 have such security vulnerability when b3 is
rolled out.

Punky


----- Original Message -----
From: "Craig R. McClanahan" <craigmcc@apache.org>
To: <tomcat-dev@jakarta.apache.org>
Sent: Tuesday, April 03, 2001 7:38 AM
Subject: Re: Tomcat 4.0-beta-2 Security Vulnerability


>
>
> On Mon, 2 Apr 2001, Mel Martinez wrote:
>
> >
> > --- "Craig R. McClanahan" <craigmcc@apache.org> wrote:
> > >
> > > I suggest that we create a revised version of beta
> > > 2, clearly labelled so
> > > that people will know whether they have the
> > > corrected version or not --
> > > and we should do this immediately (like today) to
> > > minimize the number of
> > > people who end up downloading twice.
> > >
> > > I suggest we call the updated version "Tomcat
> > > 4.0-beta-2-update-1" or
> > > something like that.
> > >
> > > Comments?  Votes?
> > >
> >
> > I vote you just call it  "Tomcat-4.0-beta-3".  I don't
> > recall ever being told there were limits to the number
> > of betas one can produce.  :-)  I believe that a new
> > beta number is justified by any significant bug fix or
> > fixes and a security hole is definitely significant,
> > even if the code change may be tiny.
> >
> > By labeling it 'beta-3' it is CLEARLY the latest build
> > and CLEARLY newer than beta-2.
> >
>
> Makes sense to me.  "Beta 3" it is.
>
> > fwiw,
> >
> > Dr. Mel Martinez
> > G1440, Inc.
> >
>
> Craig


Mime
View raw message