tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Konstantin Kolinko" <knst.koli...@gmail.com>
Subject Re: Tomcat 5.5.26 Vulnerability - Test
Date Thu, 23 Oct 2008 14:30:49 GMT
2008/10/23 Gozde Aytan <gozdea@gmail.com>:
> Dear Mr. Crowther,
>
> Thank you for your quick response. We are using JDK 1.6.0_07. I do not have
> any idea about those vulnerabilities. I just follow the link:
> http://tomcat.apache.org/security-5.html and search for the vulnerabilities
> that are fixed in Tomcat 5.5.27 one by one and found the items that I've
> listed in my previous mail. Are those vulnerabilities fixed in 5.5.27 also
> related to Java? I just wanted to know, if we need to upgrade the Tomcat or
> not and for this decision I need to test these vulnerabilities somehow.
>

The issues that you listed ( 1) .. 10) ) are not from
http://tomcat.apache.org/security-5.html

There are 4 issues that were fixed in 5.5.27, and all of them are listed on
that page, and two of them are important ones.

If more information is required, follow the links or search the mailing
list archive.

Also, the following issue is present in 5.5.26, but fixed in 5.5.27:
https://issues.apache.org/bugzilla/show_bug.cgi?id=44494

Best regards,
Konstantin Kolinko

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message