tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Yoav Shapira" <>
Subject Re: Removing the examples (JSP/servlet) in TC Binaries
Date Mon, 09 Jul 2007 13:40:22 GMT

On 7/9/07, jean-frederic clere <> wrote:
> The examples (servlet and JSP) have caused a list of security issues.
> I think we should remove them from the Tomcat binary packages (6.0 and
> 5.x at least).
> Any comments?

I'd like to leave them in, as they're amazingly useful, especially for
beginners and/or new users.  Those kind of users are most likely to
use the binary packages.

Practically all the example-related security issues can be worked
around by commenting out and/or removing the examples webapps from
production servers.  That's good enough for me.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message