Dan K. wrote:

> Yoav,
>
> So then if there is a DoS vulnerability in the "normal jakarata tomcat
> 4.0.x distributions", would the developers consider that important enough
> to be looked at/fixed? I'm just trying to figure out whether the
> vulnerability in the debian tomcat would affect the normal jakarta tomcat
> versions >= 4.0.4 (i'm using the normal jakarta distributed tomcat 4.0.6).
> Upgrading to the 4.1 branch would require more work for us. :(

Let's say it would be looked at on a case by case basis. This one would
probably not be fixed as I believe mush less people used TC 4.0.x
standalone in production on public servers rather than with mod_jk or
mod_webapp.

More details on the exploit would be needed.

--
xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
R�my Maucherat
Senior Developer & Consultant
JBoss Group (Europe) S�RL
xxxxxxxxxxxxxxxxxxxxxxxxxxxxx


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@(protected)
For additional commands, e-mail: tomcat-user-help@(protected)