tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: avoiding ssl vulnerabilities in tomcat
Date Fri, 14 Aug 2009 14:25:31 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sunil,

On 8/13/2009 1:11 AM, sunil chandran wrote:
> Now installing tomcat 4.1.40 what all changes will be required in my sevice..
> 
> no change in application?

You are very unlikely to require any webapp changes.

> maybe installation and configuration changes will be needed?

You are very unlikely to require any configuration changes. That's what
moving from patch level (4.1.x to 4.1.y) means: very little should be
required of you.

That being said, it is up to you to read the change log to find out of
any breaking changes have been introduced. This often happens when a
security bug is fixed which requires, say, URLs to be interpreted
differently. If your webapp relies on that old behavior, you'll need to
make arrangements for that (often using a configuration parameter).

The ChangeLog for Tomcat 4.1 can be found here:

http://archive.apache.org/dist/tomcat/tomcat-4/v4.1.40/RELEASE-NOTES-4.1.txt

It's not in the most easily-read format (changes are described by
component, then by version, rather than the other way around, which is
how I would have done it), but you still have to read it: look for every
change between 4.1.24 (that's your current version, right?) and 4.1.40.
You may have to read relevant bug reports, too.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkqFc9oACgkQ9CaO5/Lv0PAYhQCeJkuKdCkwd/UcQHxUh7/Zii8l
KnIAoIClIURe/eRpAavc/HO2KtnkWhPc
=KB5m
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message