You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ofbiz.apache.org by "Anil K Patel (JIRA)" <ji...@apache.org> on 2010/02/23 21:21:28 UTC

[jira] Commented: (OFBIZ-3424) Upgrade Tomcat version to 6.0.24

    [ https://issues.apache.org/jira/browse/OFBIZ-3424?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12837427#action_12837427 ] 

Anil K Patel commented on OFBIZ-3424:
-------------------------------------

I have not tested the patch, but looks like it should be simple. I think we should go for it.

> Upgrade Tomcat version to 6.0.24
> --------------------------------
>
>                 Key: OFBIZ-3424
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-3424
>             Project: OFBiz
>          Issue Type: Improvement
>          Components: ALL APPLICATIONS
>    Affects Versions: SVN trunk
>            Reporter: Erwan de FERRIERES
>            Priority: Blocker
>             Fix For: SVN trunk
>
>         Attachments: OFBIZ-3424.diff, tomcat-6.0.24-annotations-api.jar, tomcat-6.0.24-catalina-ha.jar, tomcat-6.0.24-catalina-tribes.jar, tomcat-6.0.24-catalina.jar, tomcat-6.0.24-el-api.jar, tomcat-6.0.24-jasper-el.jar, tomcat-6.0.24-jasper-jdt.jar, tomcat-6.0.24-jasper.jar, tomcat-6.0.24-jsp-api.jar, tomcat-6.0.24-servlet-api.jar, tomcat-6.0.24-tomcat-coyote.jar, tomcat-6.0.24-tomcat-dbcp.jar, tomcat-6.0.24-tomcat-juli.jar
>
>
> 3 security issues have been released today for Tomcat, asking to migrate to the latest version :
> CVE-2009-2902: Apache Tomcat unexpected file deletion in work directory
> CVE-2009-2901: Apache Tomcat insecure partial deploy after failed undeploy
> CVE-2009-3548: Apache Tomcat unexpected file deletion and/or alteration

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.