Hi! Re-reading the security pages I have several notes
http://tomcat.apache.org/security-6.html http://tomcat.apache.org/security-7.html 1) security-6.html and others have the following text: "Please send comments or corrections for these vulnerabilities to the Tomcat Security Team." with a link to security@ address in it. I think it is wrong. General comments and questions should be sent to dev@ or users@. Only exploits are for security@. I am not yet sure how to better write it. Maybe with a link to security.html or lists.html 2) I would like to mention that we do not provide binary patches. I think direct links to the following pages will help some people: http://tomcat.apache.org/tomcat-7.0-doc/building.html http://tomcat.apache.org/tomcat-7.0-doc/BUILDING.txt The links will be different for different Tomcat versions. 3) The above issues are already mentioned on the generic security page (security.html), but on security-6.html page there is no direct link back to security.html unless you pay attention to the site menu on the left side. Best regards, Konstantin Kolinko --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
