https://bz.apache.org/bugzilla/show_bug.cgi?id=62582
--- Comment #8 from Christopher Schultz <ch...@christopherschultz.net> --- (In reply to mgrigorov from comment #4) > As Mark explained there is not much to check anyway because Tomcat doesn't > have dependencies. Well... that's not entirely true. Tomcat does rely on: 1. commons-dbcp[2] 2. commons-fileupload 3. ecj 4. commons-daemon 5. tcnative (technically) But my guess is that 1, 2 above wouldn't be detected because they have been modified from their original and re-packaged with "Tomcat" as the product name (instead of e.g. commons-dbcp). OWASP isn't very good at detecting binary dependencies, so it wouldn't detect 5. I'm not saying this is a great idea, but I'm not saying it's totally worthless, either. I think having an ant target that is runnable by anyone who chooses to run it would be a good thing. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org