+1 Releasing 4.0.3 by the end of the week should be sufficient.
Remy Maucherat wrote:
>
> Hi,
>
> I'd like to propose to release Tomcat 4.0.3 Beta 1 at the end of this week
> (03/01 seems an appropriate target). This release will include the fix for
> the security issue publicized earlier today, as well as other fixes. I
> personally don't think the issue is significant enough so that there's the
> need for a full 4.0.2a release, or an emergency 4.0.3 release.
>
> I will also make available a binary patch for 4.0.2 Final, which will fix
> the vulnerability. Note: This has never been done in the past, so I'm not
> convinced this is really a good idea. Security patches could be *the*
> exception, and justify it.
>
> Votes / comments ?
>
> Remy
>
> --
> To unsubscribe, e-mail: <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>
--
----------------------------------------------------------------------
Glenn Nielsen glenn@more.net | /* Spelin donut madder |
MOREnet System Programming | * if iz ina coment. |
Missouri Research and Education Network | */ |
----------------------------------------------------------------------
--
To unsubscribe, e-mail: <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>
|