Johan,
I'm using Tomcat Version 3.2.1 and the readme document had the following
information
on Tomcat versions. There isn't info about 3.2.2 3.3 there but probably if
you
download those versions there will be a readme explaining the changes.
Besides the differences in functionality the other difference is the
quality/stability
of the versions - whether they are milestone, beta or release quality.
Tomcat Versions 3.1.1 and 3.2.1 are the only "release" builds.
Tomcat Versions 3.2.2 and 4.0 are beta versions.
Tomcat Version 3.3 is a milestone build.
From a Struts point of view the minimum requirement is Tomcat 3.1 but there
are lots of
messages from those in the know that version 3.1 is not recommended, you
need 3.2 at least.
e.g.
http://www.mail-archive.com/struts-user@jakarta.apache.org/msg04662.html
Hope this helps.
Niall
README 1. INTRODUCTION
README Tomcat Version 3.2.1 is a security related update! See Section 7,
below,
README for details on the changes that have been made. All other existing
issues with
README Tomcat 3.2 will remain in 3.2.1 -- they will be addressed in
subsequent
README maintenance updates (3.2.2, and so on).
README 4. TOMCAT: PAST, PRESENT, AND FUTURE
README - Version 3.0 (released 12/1999) was the initial release of Tomcat.
In
README addition to implementing the Java Servlet and Server Pages
specification,
README this release featured a minimal Apache connector.
README - Tomcat 3.1 (released 4/2000) improved the Apache connection and
added
README connector support for Netscape and IIS web servers. It also added
WAR file
README support, automatic servlet reloading, and a command line tool (jspc)
to
README compile ahead of time the JSP pages that comprise your application.
Finally,
README version 3.1 also focused on reorganizing the code (modularization,
cleanup,
README refactoring, removal of dead code, and separation of J2EE-specific
code).
README - Tomcat 3.2 is the first performance tune-up, and also adds a few
new
README features (see next section).
README - Tomcat 4.0 is separate development from Tomcat 3.x. It is based
on the
README Catalina architecture, which is very different from the architecture
of
README Tomcat 3.x. In addition, Tomcat 4.0 is to be the reference
implementation
README for the Servlet 2.3 and JSP 1.2 specifications.
README 7. SECURITY VULNERABILITIES FIXED IN TOMCAT 3.2.1
README 7.1 Protection of Resources in /WEB-INF and /META-INF Directories
README The servlet specification prohibits servlet containers from serving
resources
README in the /WEB-INF and /META-INF directories of a web application
archive directly
README to clients. In Tomcat 3.2, this means that URLs like:
READMEhttp://localhost:8080/examples/WEB-INF/web.xml
README will return an error message, rather than the contents of your
deployment
README descriptor. However, there is a vulnerability in Tomcat 3.2 that
exposes
README this information if the client requests a URL like this instead:
README http://localhost:8080/examples//WEB-INF/web.xml
README (note the double slash before "WEB-INF"). This vulnerability has
been
README corrected in Tomcat 3.2.1.
README 7.2 Show Source Vulnerability
README The example application delivered with Tomcat 3.2 included a
mechanism to
README display the source code for the JSP page examples. This mechanism
could
README be used to bypass the restrictions on displaying sensitive
information in
README the WEB-INF and META-INF directories. This vulnerability has been
removed.
-Original Message-
From: Johan Compagner [mailto:[EMAIL PROTECTED]]
Sent: 22 March 2001 00:00
To: Struts
Subject: Tomcat question
Hi,
One tomcat question for this list (i know there are some tomcat
developers here)
Why can't i find changes.html or something like that for the
tomcat versions?
You got now a
3.1.x branch (doesn't seem to be in development anymore)
3.2.x branch (still development 3.2.2 beta 1 as latest mile stonde)
3.3.x branch (the latest in 3.x)
And you got 4.0
I know the differences between 3.x (servlet 2.2 / jsp 1.1) and
4.x (servlet 2.3 / jsp 1.2)
But why all those 3.x branches and why are there even 2 in development?
Johan