You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by David Rees <dr...@gmail.com> on 2008/08/12 04:02:13 UTC

Tomcat 5.5 & 4.1 Security Release

I posted a couple messages to the user/dev lists last week asking the
same question, but still haven't seen any mention of a plan to release
a new 5.5.x or 4.1.x to fix the security issues posted at the
beginning of the month.

Is there a plan to push a new release for either 5.5.x or 4.1.x or
should end users assume that we're on our own regarding these two
versions and we should either patch/build them ourselves or upgrade to
6.0.x which does appear to be maintained?

It appears that both branches already have all the required security
patches applied to them so I don't see what the hold up is here. Are
there other changes applied to the branches which need to be tested?
I'm more than happy to help with testing where I can.

Thanks,

-Dave

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

Re: Tomcat 5.5 & 4.1 Security Release

Posted by Mark Thomas <ma...@apache.org>.

David Rees wrote:
> I posted a couple messages to the user/dev lists last week asking the
> same question,
There is no need to cross-post.

> but still haven't seen any mention of a plan to release
> a new 5.5.x or 4.1.x to fix the security issues posted at the
> beginning of the month.
> 
> Is there a plan to push a new release for either 5.5.x or 4.1.x or
> should end users assume that we're on our own regarding these two
> versions and we should either patch/build them ourselves or upgrade to
> 6.0.x which does appear to be maintained?
Current status is maintained at http://wiki.apache.org/tomcat/TomcatVersions

A Tomcat 4.1.x release is in the works - I have a couple more patches I 
need to apply and one bug I want to make sure is fixed before I start the 
release process.

The 5.5.x release depends on Filip's availability.

> It appears that both branches already have all the required security
> patches applied to them so I don't see what the hold up is here. Are
> there other changes applied to the branches which need to be tested?
> I'm more than happy to help with testing where I can.

Any testing you can do once the releases are up for voting woudl be 
appreciated.

Mark



---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org