tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <>
Subject Re: Nessus scan claims vulnerability in Tomcat 6
Date Tue, 26 Feb 2013 15:17:53 GMT
Hash: SHA256


On 2/26/13 7:04 AM, Mark Thomas wrote:
> On 26/02/2013 03:09, Robert Klemme wrote:
>> I found that but wasn't aware that this is actually used in
>> Tomcat.
> SSLDisableCompression on the APR connector as of 7.0.37
>>> There is no 6.0.x release with the necessary options yet.
>> Do you know whether there will be?
> There will be but I'm not aware of any planned timing at this
> point. The changelog isn't that long but it has been a while since
> the last release so I guess we should start thinking about it.

This has been proposed for Tomcat 6.0.x and there are 2 votes for it
thus far. Once we get another vote, someone (probably I) will commit
the patch and then you just have to wait for another release. 6.0.x
releases are less frequent than 7.0.x because Tomcat 6 is ... mature.

I'm in Portland with several other Tomcat devs and I'm sure I can a)
get someone else to vote for my patch and b) convince someone to roll
a release in the near future.

- -chris
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools -
Comment: Using GnuPG with Thunderbird -


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message