tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mel Martinez <>
Subject Re: Tomcat 4.0-beta-2 Security Vulnerability
Date Mon, 02 Apr 2001 23:29:28 GMT

--- "Craig R. McClanahan" <> wrote:
> I suggest that we create a revised version of beta
> 2, clearly labelled so
> that people will know whether they have the
> corrected version or not --
> and we should do this immediately (like today) to
> minimize the number of
> people who end up downloading twice.
> I suggest we call the updated version "Tomcat
> 4.0-beta-2-update-1" or
> something like that.
> Comments?  Votes?

I vote you just call it  "Tomcat-4.0-beta-3".  I don't
recall ever being told there were limits to the number
of betas one can produce.  :-)  I believe that a new
beta number is justified by any significant bug fix or
fixes and a security hole is definitely significant,
even if the code change may be tiny.

By labeling it 'beta-3' it is CLEARLY the latest build
and CLEARLY newer than beta-2.


Dr. Mel Martinez
G1440, Inc.

Do You Yahoo!?
Get email at your own domain with Yahoo! Mail.

View raw message