tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: avoiding ssl vulnerabilities in tomcat
Date Wed, 12 Aug 2009 10:08:54 GMT
sunil chandran wrote:
> Hello Sir,
> I wish to confirm one more thing.
> The issue is SSL vulnerability. from the responses, i understood that i need to upgrade
to tomcat latest version. As per the team, it is recommended to go for Tomcat 5 in our environment.
> my quesiton is:
> Is this vulernability solved in tomcat 5 version?
http://tomcat.apache.org/security-5.html

> Do i need to perform some additional stuff to avoid this vulnerability?
No.

Mark

> 
> regardsSunil C
> --- On Tue, 11/8/09, Mark Thomas <markt@apache.org> wrote:
> 
> From: Mark Thomas <markt@apache.org>
> Subject: Re: avoiding ssl vulnerabilities in tomcat
> To: "Tomcat Users List" <users@tomcat.apache.org>
> Date: Tuesday, 11 August, 2009, 4:55 PM
> 
> sunil chandran wrote:
>> Hello all,
>>   
>> OK i will upgrade.
>> But what all changes required to update to tomcat 5.
>> what all changes reuired to upgrade to tomcat 4.1.40
> 
> You may as well do the job properly and upgrade to 6.0.20.
> 
> For you app? No changes should be required.
> 
> For your Tomcat configuration? Start with the clean configuration
> provided with 6.0.20 and add any modifications you need. Be aware that
> the config has changed in particular:
> - the <Logger> element is no longer used
> - Resource configuration has changed
> 
> See the docs for the details.
> 
> Mark
> 
> 
> 
>>   
>>   
>>
>> --- On Mon, 10/8/09, Caldarale, Charles R <Chuck.Caldarale@unisys.com> wrote:
>>
>>
>> From: Caldarale, Charles R <Chuck.Caldarale@unisys.com>
>> Subject: RE: avoiding ssl vulnerabilities in tomcat
>> To: "Tomcat Users List" <users@tomcat.apache.org>
>> Date: Monday, 10 August, 2009, 7:10 PM
>>
>>
>>> From: sunil chandran [mailto:sunilonweb2002@yahoo.co.in]
>>> Subject: Re: avoiding ssl vulnerabilities in tomcat
>>>
>>> Is there any patch provided so that i can still use the same version
>>> 4.1.24 itself.
>> No, you *must* upgrade.  Your reluctance to do so borders on the ridiculous.
>>
>> - Chuck
>>
>>
>> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL
and is thus for use only by the intended recipient. If you received this in error, please
contact the sender and delete the e-mail and its attachments from all computers.
>>
>>
>>
>> Send free SMS to your Friends on Mobile from your Yahoo! Messenger. Download Now!
http://messenger.yahoo.com/download.php
> 
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 
> 
> 
>       Yahoo! recommends that you upgrade to the new and safer Internet Explorer 8. http://downloads.yahoo.com/in/internetexplorer/



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message