tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Robert Klemme <>
Subject Re: Nessus scan claims vulnerability in Tomcat 6
Date Tue, 26 Feb 2013 15:38:35 GMT
On Tue, Feb 26, 2013 at 4:04 PM, Mark Thomas <> wrote:
> On 26/02/2013 03:09, Robert Klemme wrote:

>> So one solution would be to remove APR lib from the system.
> Yes, although you will see performance for SSL drop.

Yes, of course.  That's not important in our case.

>> before starting the JVM.
> I don't know if OpenSSL will honour that.

I'll let you know once I find out.

>>> There is no 6.0.x release with the necessary options yet.
>> Do you know whether there will be?
> There will be but I'm not aware of any planned timing at this point. The
> changelog isn't that long but it has been a while since the last release so
> I guess we should start thinking about it.

Good!  Thanks for the update!

Kind regards


remember.guy do |as, often| as.you_can - without end

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message