tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jon Stevens <...@latchkey.com>
Subject [SECURITY] Re: Mac OS X Server source code available
Date Fri, 15 Jun 2001 05:21:32 GMT
on 6/14/01 2:51 PM, "Ron Dumont" <rond@apple.com> wrote:

> Tomcat 3.1

For some reason it seems that Apple decided to ship a version of Tomcat that
has known security holes in it. :-( This version isn't even available for
easy download off of the Apache site.

Looking at the CVS/Tag files of the distribution off the Apple website, it
isn't even the TOMCAT_31_FINAL branch which would have probably been the
right version to ship. However...

>From the Tomcat website:

> Tomcat 3.1.x. The 3.1 release contained several improvements over Tomcat 3.0,
> including servlet reloading, WAR file support and added connectors for the IIS
> and Netscape web servers. The latest maintenance release, 3.1.1, contained
> fixes for security problems. There is no active development ongoing for Tomcat
> 3.1.x. Users of Tomcat 3.1 should update to 3.1.1 to close the security holes
> and they are strongly encouraged to migrate to the current production release,
> Tocmat 3.2.1.

Please send out an update to people to upgrade them to the 3.2.2 version
ASAP.

-jon stevens

-- 
"Open source is not available to commercial companies."
            -Steve Ballmer, CEO Microsoft
<http://www.suntimes.com/output/tech/cst-fin-micro01.html>


Mime
View raw message