On Thu, Apr 09, 2009 at 12:11:12PM -0700, Darren Patterson wrote: > > On Apr 9, 2009, at 12:49 AM, Kaj Niemi wrote: > > >Hi, > > > >On Apr 8, 2009, at 17:20, Andy Kannberg wrote: > > > >>Does anyone know which version of Apache and Tomcat are available > >>from the standard Red Hat repository ? > >>Are there other repositories which offer newer RPM packages for > >>Apache and Tomcat ? > > > > > >RHEL5(.3) has tomcat 5.5.23 and apache 2.2.3. That being said, there's > >always JPackage as a source of java stuff. I'm not sure how well it > >interoperates nowadays with RHEL5 (as RHEL5 java packages have been > >gcjd and there might be a dependency for the library in native format) > >but it works great on RHEL4. If you're unhappy with either you can > >always roll your own and contribute. :) > > I would strongly advise people to look at the tomcat security > vulnerabilities (http://tomcat.apache.org/security.html) and reference > that against the version of tomcat that JPackage provides. The JPP 5.0 > provided tomcat6-6.0.14 is quite old and has many CVEs including > elevated privs, information disclosure and data integrity > vulnerabilities. I certainly wouldn't consider using this in > production. The JPP 1.7 provided tomcat5 (RHEL4) is even worse in my > opinion.
Whenever I try to get some help with Tomcat / Java issues on RHEL, I always have to hear about how ancient and out-of-date their packages are and how I really ought to update. I'm recommending that we stop paying RedHat and go with CentOS, so at least when I break the paradigm we don't lose the $$$. -- *********************************************************************** * John Oliver http://www.john-oliver.net/ * * * *********************************************************************** _______________________________________________ rhelv5-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/rhelv5-list
