tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Veniamin Fichin <3ca28...@mail.ru>
Subject JSP source code exposure in Tomcat 4.x
Date Tue, 24 Sep 2002 14:36:37 GMT
Rossen Raykov wrote:

> 	Tomcat 4.x JSP source exposure security advisory
> 
> 1. Summary
> Tomcat 4.0.4 and 4.1.10 (probably all other earlier versions also) are
> vulnerable to source code exposure by using the default servlet
> org.apache.catalina.servlets.DefaultServlet.
--= [ cut ] =--
> 3. Solution:
> 	3.1 Upgrade to the last releases 4.0.5 and 4.1.12
> 		See
> http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/ for the last
> releases.

I'm a newbie to Tomcat and JSP at all, so I have a question: can this upgrade be done by using
new binaries only, not by upgrading an entire distribution including configs? I don't want
to overwrite my configure files, because it took some time for me to understand its structure
and meaning.



--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


Mime
View raw message