tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Barker" <>
Subject Re: reporting security problems
Date Sun, 08 Sep 2002 03:05:26 GMT
While some people use tomcat-dev (or even bugzilla), is
the preferred address.  There are Tomcat developers on that list, and
posting there allows the patch to get posted (usually a few hours) before
all of the black-hats know about it.

Personally, I'd prefer that you post to, since Apache is
strongly committed to closing security holds.  However, I'd understand if
you choose to post to tomcat-dev as well.

----- Original Message -----
From: "Christopher Todd" <>
To: <>
Sent: Saturday, September 07, 2002 4:43 PM
Subject: reporting security problems

> According to the Jakarta website, security problems for Jakarta projects
> should be reported to
> A colleague of mine and I are researching a potential security issue in
> Tomcat, and I wanted to confirm that we should use to
> report the issue, once our research is complete.  Is there a different
> address that is preferred for reporting and/or discussing Tomcat security
> issues?
> Chris
> --
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message