We have switched from using the Red Hat supplied version of Tomcat to the Apache supplied binary distribution. My management would like me to follow any CVE related to Tomcat. I am wondering if there is a mailing list, I can subscribe to that will give me just those items.
I should be following all the CVEs but there are not enough hours in the day to do that and stay on top of my assigned duties. This is on top of designing an update cycle that we can make work. There are not enough people cycles to install and regression test every point release across every application we have using Tomcat. Darryl Baker, GSEC (he/him/his) Sr. System Administrator Distributed Application Platform Services Northwestern University 1800 Sherman Ave. Suite 6-600 – Box #39 Evanston, IL 60201-3715 darryl.ba...@northwestern.edu<mailto:darryl.ba...@northwestern.edu> (847) 467-6674
