tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sunil chandran <sunilonweb2...@yahoo.co.in>
Subject Re: avoiding ssl vulnerabilities in tomcat
Date Wed, 12 Aug 2009 07:12:49 GMT
Hello Sir,
I wish to confirm one more thing.
The issue is SSL vulnerability. from the responses, i understood that i need to upgrade to
tomcat latest version. As per the team, it is recommended to go for Tomcat 5 in our environment.
my quesiton is:
Is this vulernability solved in tomcat 5 version?Do i need to perform some additional stuff
to avoid this vulnerability?Any modification to be done in server.xml file to avoid the SSL
vulnerability

regardsSunil C
--- On Tue, 11/8/09, Mark Thomas <markt@apache.org> wrote:

From: Mark Thomas <markt@apache.org>
Subject: Re: avoiding ssl vulnerabilities in tomcat
To: "Tomcat Users List" <users@tomcat.apache.org>
Date: Tuesday, 11 August, 2009, 4:55 PM

sunil chandran wrote:
> Hello all,
>  
> OK i will upgrade.
> But what all changes required to update to tomcat 5.
> what all changes reuired to upgrade to tomcat 4.1.40

You may as well do the job properly and upgrade to 6.0.20.

For you app? No changes should be required.

For your Tomcat configuration? Start with the clean configuration
provided with 6.0.20 and add any modifications you need. Be aware that
the config has changed in particular:
- the <Logger> element is no longer used
- Resource configuration has changed

See the docs for the details.

Mark



>  
>  
> 
> --- On Mon, 10/8/09, Caldarale, Charles R <Chuck.Caldarale@unisys.com> wrote:
> 
> 
> From: Caldarale, Charles R <Chuck.Caldarale@unisys.com>
> Subject: RE: avoiding ssl vulnerabilities in tomcat
> To: "Tomcat Users List" <users@tomcat.apache.org>
> Date: Monday, 10 August, 2009, 7:10 PM
> 
> 
>> From: sunil chandran [mailto:sunilonweb2002@yahoo.co.in]
>> Subject: Re: avoiding ssl vulnerabilities in tomcat
>>
>> Is there any patch provided so that i can still use the same version
>> 4.1.24 itself.
> 
> No, you *must* upgrade.  Your reluctance to do so borders on the ridiculous.
> 
> - Chuck
> 
> 
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and
is thus for use only by the intended recipient. If you received this in error, please contact
the sender and delete the e-mail and its attachments from all computers.
> 
> 
> 
> Send free SMS to your Friends on Mobile from your Yahoo! Messenger. Download Now! http://messenger.yahoo.com/download.php




---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org




      Yahoo! recommends that you upgrade to the new and safer Internet Explorer 8. http://downloads.yahoo.com/in/internetexplorer/
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message