tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William L. Thomson Jr." <>
Subject Re: [Fwd: [Security] - **Updated** Important vulnerability disclosed in Apache Tomcat webdav servlet]
Date Sun, 21 Oct 2007 18:03:36 GMT
On Sun, 2007-10-21 at 17:41 +0100, Mark Thomas wrote:
> William L. Thomson Jr. wrote:
> > I take it down streams should run with the first patches to work around
> > this vulnerability till next release. I already applied the one liner,
> > kinda glad I did not apply the other last night ;) Please advise,
> > thanks.
> You need a version of the second patch for a complete fix. If you want
> logging - apply my version, if you don't - apply Remy's. Both fix the
> problem, just in slightly different ways.
> We'll have to wait and see which way the voting goes for which patch
> gets incorporated into the code base.

That's what I am interested in, and willing to wait a bit for. Don't
want to appear to be taking sides or adding in my own opinion based on
which one to apply/go with or not. Prefer to stick with what ever
direction upstream goes in and/or recommends.

Thanks much :)

William L. Thomson Jr.

View raw message