You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Horace Vallas <ha...@hav.com> on 2000/12/13 18:27:59 UTC

Re: [ANNOUNCEMENT] Security Related Updates - Tomcat 3.1.1 and Tomcat 3.2.1

het Craig - sorry to be dense - but what are the "appropriate contents" 
that should be replaced by 3.2.1?  Is this just the various jar's in /lib?

--
Wishing you an "OOBA OOBA" Y2K
Horace                            ...once known as "Kicker" :-)  
================================================================
Horace Vallas   hav.Software                 http://www.hav.com/     
                P.O. Box 354                         hav@hav.com
                Richmond, Tx. 77406-0354     voice: 281-341-5035 
                USA                            fax: 281-341-5087

Thawte Web Of Trust Notary in SW Houston, Tx.
http://www.hav.com/?content=/thawteWOTnotary.htm
================================================================
...drop by and chat if I'm online       http://www.hav.com/chat/
===   ===   ===   ===   ===   ===   ===   ===   ===   ===   ====
What is a Vet? ... He is the barroom loudmouth, dumber than five 
wooden planks, whose overgrown frat-boy behavior is outweighed a 
hundred times in the cosmic scales by four hours of exquisite 
bravery near the 38th parallel. ... - Unknown
                                      http://www.hav.com/vet.htm
================================================================

> 
> TOMCAT 3.2 USERS
> 
> * There are two identified vulnerabilities that are documented in the
>   Release Notes for Tomcat 3.2.1 (file "doc/readme" in the distribution).
>   These vulnerabilities have been fixed in Tomcat 3.2.1.
> 
> * You can download this security maintenance release at:
> 
>     http://jakarta.apache.org/builds/tomcat/release/v3.2.1/bin/
> 
> * You are ***strongly*** encouraged to download and install this
>   update as quickly as possible.
> 
> * This release fixes ***only*** the identified security vulnerabilities.
>   It does not address any of the other bugs, or feature requests, related
>   to Tomcat 3.2 final.  These issues will be dealt with in future
>   maintenance releases of Tomcat 3.2 as appropriate.
> 
> * The corrective action is to download the binary distribution, and
>   replace the appropriate contents in the $TOMCAT_HOME directory.
>   There is no need to modify any of the binary components (such as the
>   mod_jserv component used to connect Tomcat to Apache).
>