2010/2/27 Konstantin Kolinko <knst.koli...@gmail.com>:
> 2010/2/24 jean-frederic clere <jfcl...@gmail.com>:
>> The candidate binaries are available here:
>> http://people.apache.org/~jfclere/tomcat-6/v6.0.25/
>>
>> According to the release process, the 6.0.25 tag is:
>> [x] Broken
>
> https://issues.apache.org/bugzilla/show_bug.cgi?id=48827
> Showstopper.
>

I should say that there is one more showstopper in 6.0.25:
the /findleaks command added to Manager webapp in 6.0.25 is not covered by security constraints, thus enabling a DoS attack vector.

The fix for manager app web.xml is trivial and proposed in rev.917439.

Sorry for the inconvenience.

6.0.24 and trunk are not affected.

Best regards,
Konstantin Kolinko
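
Added example, not part of the original e-mail or of Tomcat's code: a check that lists servlet mappings in a web.xml that no auth-constrained resource collection covers, which is the kind of gap the message reports for /findleaks. The descriptor is a constructed sample (not the real Manager web.xml), the role name is assumed, and `unprotected_mappings` and its helpers are hypothetical names.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptor (not the real Manager web.xml): three commands
# are mapped, but only two appear in the protected resource collection.
SAMPLE_WEB_XML = """<?xml version="1.0"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <servlet-mapping><servlet-name>Manager</servlet-name><url-pattern>/list</url-pattern></servlet-mapping>
  <servlet-mapping><servlet-name>Manager</servlet-name><url-pattern>/reload</url-pattern></servlet-mapping>
  <servlet-mapping><servlet-name>Manager</servlet-name><url-pattern>/findleaks</url-pattern></servlet-mapping>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Manager commands</web-resource-name>
      <url-pattern>/list</url-pattern>
      <url-pattern>/reload</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>manager</role-name></auth-constraint>
  </security-constraint>
</web-app>"""


def _local(tag):  # strip the XML namespace so any web.xml schema version works
    return tag.rsplit("}", 1)[-1]


def _patterns(node):
    return [e.text.strip() for e in node.iter() if _local(e.tag) == "url-pattern" and e.text]


def _covers(constraint, mapping):
    # Simplification: exact and path-prefix ('/x/*') matching only; extension
    # patterns and per-method constraints are not evaluated.
    if constraint == mapping or constraint == "/*":
        return True
    if constraint.endswith("/*"):
        prefix = constraint[:-2]
        return mapping == prefix or mapping.startswith(prefix + "/")
    return False


def unprotected_mappings(web_xml_text):
    """Return servlet-mapping URL patterns that no auth-constrained collection covers."""
    root = ET.fromstring(web_xml_text)
    mapped, protected = [], []
    for child in root:
        name = _local(child.tag)
        if name == "servlet-mapping":
            mapped += _patterns(child)
        elif name == "security-constraint" and any(_local(e.tag) == "auth-constraint" for e in child):
            protected += _patterns(child)
    return sorted(m for m in mapped if not any(_covers(c, m) for c in protected))
```

Calling `unprotected_mappings(SAMPLE_WEB_XML)` reports the one mapping left outside the constraint; running such a check against a release candidate's descriptors flags newly added commands that were mapped but never protected.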