Author: markt
Date: Mon Aug 11 14:31:58 2008
New Revision: 684944
URL: http://svn.apache.org/viewvc?rev=684944&view=rev
Log:
Lay groundwork for adding links to associated svn commits to vulnerability
pages. Also make clear up front that we don't provide binary patches.
Modified:
tomcat/site/trunk/docs/security.html
tomcat/site/trunk/xdocs/security.xml
Modified: tomcat/site/trunk/docs/security.html
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security.html?rev=684944&r1=684943&r2=684944&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security.html (original)
+++ tomcat/site/trunk/docs/security.html Mon Aug 11 14:31:58 2008
@@ -192,6 +192,19 @@
<p>
<blockquote>
+ <p>Please note that, except in rare circumstances, binary patches are not
+ produced for individual vulnerabilities. To obtain the binary fix for a
+ particular vulnerability you should upgrade to an Apache Tomcat version
+ where that vulnerability has been fixed.</p>
+
+ <p>Source patches, usually in the form of references to SVN commits, may be
+ provided in either in a vulnerability announcement and/or the
+ vulnerability details listed on these pages. These source patches may be
+ used by users wishing to build their own local version of Tomcat with
just
+ that security patch rather than upgrade. Please note that an exercise is
+ currently underway to add links to the svn commits for all the
+ vulnerabilities listed on these pages.</p>
+
<p>Lists of security problems fixed in released versions of Apache Tomcat
are available:</p>
<ul>
Modified: tomcat/site/trunk/xdocs/security.xml
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security.xml?rev=684944&r1=684943&r2=684944&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security.xml (original)
+++ tomcat/site/trunk/xdocs/security.xml Mon Aug 11 14:31:58 2008
@@ -9,6 +9,19 @@
<body>
<section name="Security Updates">
+ <p>Please note that, except in rare circumstances, binary patches are not
+ produced for individual vulnerabilities. To obtain the binary fix for a
+ particular vulnerability you should upgrade to an Apache Tomcat version
+ where that vulnerability has been fixed.</p>
+
+ <p>Source patches, usually in the form of references to SVN commits, may be
+ provided in either in a vulnerability announcement and/or the
+ vulnerability details listed on these pages. These source patches may be
+ used by users wishing to build their own local version of Tomcat with
just
+ that security patch rather than upgrade. Please note that an exercise is
+ currently underway to add links to the svn commits for all the
+ vulnerabilities listed on these pages.</p>
+
<p>Lists of security problems fixed in released versions of Apache Tomcat
are available:</p>
<ul>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
