tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Barker" <wbar...@wilshire.com>
Subject Re: Dealing with the Tomcat 3.3 "aux.jsp" DOS problem and a Tomcat 3. 3.1 release
Date Thu, 10 Jan 2002 01:31:15 GMT

----- Original Message -----
From: "Bojan Smojver" <bojan@binarix.com>
To: "Tomcat Developers List" <tomcat-dev@jakarta.apache.org>
Sent: Wednesday, January 09, 2002 5:26 PM
Subject: Re: Dealing with the Tomcat 3.3 "aux.jsp" DOS problem and a Tomcat
3. 3.1 release


> cmanolache@yahoo.com wrote:
>
> > So far the changes in 3.3 tree were only bug fixes and
> > what I've seen so far was pretty clear and simple -
> > I think the head of 3.3 is as good or better than 3.3.0.
>
>
> There were a few new features as well (at least STM pooling and
> SSLSessionID checks), but they should be either fairly safe (STM
> pooling) or turned off by default (SSLSessionID's). I agree that the
> current CVS version of 3.3 is better then the released 3.3. Many bugs
> have been fixed.
And let's not forget PureTLS support.
>
>
> > We could also take 3.3.0, replace tomcat_utils.jar
> > and label it 3.3.1  - and then in 2-3 weeks release
> > 3.3.2 with te head.
>
>
> Why don't we just say that due to recently discovered security issues,
> the release schedule has been changed and 3.3.1 is out with the latest
> security fixes. Then 3.3.2 gets released later in an orderly fashion.
>
This would be my preference.  There are currently 18 bugs open against 3.3
(about half of them having to do with connectors).  It would be nice to get
a chance to close them before 3.3.2.
>
> > But I'm +1 on whatever you choose. Let me know if/how
> > I can help - I don't have time but I could sleep less :-)
>
>
> I concur with Costin here. Your pick is +1.
me2
>
> Bojan
>
>
> --
> To unsubscribe, e-mail:
<mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail:
<mailto:tomcat-dev-help@jakarta.apache.org>
>


--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>


Mime
View raw message