tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Craig R. McClanahan" <craig...@apache.org>
Subject Re: Tomcat 4.0-beta-2 Security Vulnerability
Date Mon, 02 Apr 2001 23:38:24 GMT


On Mon, 2 Apr 2001, Mel Martinez wrote:

> 
> --- "Craig R. McClanahan" <craigmcc@apache.org> wrote:
> > 
> > I suggest that we create a revised version of beta
> > 2, clearly labelled so
> > that people will know whether they have the
> > corrected version or not --
> > and we should do this immediately (like today) to
> > minimize the number of
> > people who end up downloading twice.
> > 
> > I suggest we call the updated version "Tomcat
> > 4.0-beta-2-update-1" or
> > something like that.
> > 
> > Comments?  Votes?
> > 
> 
> I vote you just call it  "Tomcat-4.0-beta-3".  I don't
> recall ever being told there were limits to the number
> of betas one can produce.  :-)  I believe that a new
> beta number is justified by any significant bug fix or
> fixes and a security hole is definitely significant,
> even if the code change may be tiny.
> 
> By labeling it 'beta-3' it is CLEARLY the latest build
> and CLEARLY newer than beta-2.
> 

Makes sense to me.  "Beta 3" it is.

> fwiw,
> 
> Dr. Mel Martinez
> G1440, Inc.
>  

Craig


Mime
View raw message