tomcat-users mailing list archives

From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Nessus scan claims vulnerability in Tomcat 6
Date Tue, 26 Feb 2013 15:17:53 GMT

Mark,

On 2/26/13 7:04 AM, Mark Thomas wrote:
> On 26/02/2013 03:09, Robert Klemme wrote:
>> 
>> I found that but wasn't aware that this is actually used in
>> Tomcat.
> 
> SSLDisableCompression on the APR connector as of 7.0.37
> 
>>> There is no 6.0.x release with the necessary options yet.
>> 
>> Do you know whether there will be?
> 
> There will be but I'm not aware of any planned timing at this
> point. The changelog isn't that long but it has been a while since
> the last release so I guess we should start thinking about it.

This has been proposed for Tomcat 6.0.x and there are 2 votes for it
thus far. Once we get another vote, someone (probably I) will commit
the patch and then you just have to wait for another release. 6.0.x
releases are less frequent than 7.0.x because Tomcat 6 is ... mature.

I'm in Portland with several other Tomcat devs and I'm sure I can a)
get someone else to vote for my patch and b) convince someone to roll
a release in the near future.

-chris