On Apr 9, 2009, at 12:49 AM, Kaj Niemi wrote:
Hi,
On Apr 8, 2009, at 17:20, Andy Kannberg wrote:
Does anyone know which version of Apache and Tomcat are available
from the standard Red Hat repository ?
Are there other repositories which offer newer RPM packages for
Apache and Tomcat ?
RHEL5(.3) has tomcat 5.5.23 and apache 2.2.3. That being said, there's
always JPackage as a source of java stuff. I'm not sure how well it
interoperates nowadays with RHEL5 (as RHEL5 java packages have been
gcjd and there might be a dependency for the library in native format)
but it works great on RHEL4. If you're unhappy with either you can
always roll your own and contribute. :)
I would strongly advise people to look at the tomcat security
vulnerabilities (http://tomcat.apache.org/security.html) and reference
that against the version of tomcat that JPackage provides. The JPP 5.0
provided tomcat6-6.0.14 is quite old and has many CVEs including
elevated privs, information disclosure and data integrity
vulnerabilities. I certainly wouldn't consider using this in
production. The JPP 1.7 provided tomcat5 (RHEL4) is even worse in my
opinion.
-darren
_______________________________________________
rhelv5-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv5-list
