tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: [Fwd: [Security] - **Updated** Important vulnerability disclosed in Apache Tomcat webdav servlet]
Date Sun, 21 Oct 2007 16:41:20 GMT
William L. Thomson Jr. wrote:
> I take it down streams should run with the first patches to work around
> this vulnerability till next release. I already applied the one liner,
> kinda glad I did not apply the other last night ;) Please advise,
> thanks.

You need a version of the second patch for a complete fix. If you want
logging - apply my version, if you don't - apply Remy's. Both fix the
problem, just in slightly different ways.

We'll have to wait and see which way the voting goes for which patch
gets incorporated into the code base.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message