tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier>
Subject Re: Patch information required
Date Mon, 02 Dec 2013 10:45:52 GMT
André Warnier wrote:
> wrote:
>> Hi All,
>> We are using Apache tomcat version 6.0.26 bundled with Jasper soft 5.0 
>> server and we need to install below patches on our servers to fix some 
>> Vulnerabilities.


>> I am not sure how to install these patches can anyone help us here.
>> Note: We cannot upgrade to new version. So we need the steps to 
>> install the above patches.
> Let's maybe first rectify the above statement : technically, you 
> certainly /can/ install new versions.  Whether the internal rules of 
> your organisation allow this, is another question altogether, which has 
> to be answered by your organisation.
> As far as I know, Tomcat does not distribute "patches".
> It publishes new versions, which include a number of enhancements and 
> fixes, such as the ones from SVN which you mention above. And it highly 
> recommends to keep your Tomcat version current and use the latest 
> published version, which would include the above changes and probably 
> also fix other issues which you haven't yet noticed.
> The latest 6.x version of Tomcat is here : 

Addendum :
The last link which you mention (juniper) leads to a page which clearly indicates that 
these issues have been resolved by a new release of this vendor's product, which includes

a new major version of Tomcat.  Did you even read it ?

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message