tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Yoav Shapira" <>
Subject Re: Proposed new security pages
Date Tue, 20 Feb 2007 23:06:44 GMT

On 2/20/07, Filip Hanik - Dev Lists <> wrote:
> sounds good, as long as we don't publish vulnerabilities until they are
> indeed fix and the release has been voted stable

Agreed except the "stable" part.  When the vulnerabilities have been
fixed in any release, including alpha / beta, they can be made public.
 If the security issue is urgent there's likely to be a release with
nothing (or very little) except the security fix anyways.  Those who
need to upgrade urgently can do so.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message