Re: Tomcat CVE watch

2020-07-25 Thread calder
On Sat, Jul 25, 2020, 09:55 Darryl Philip Baker <darryl.ba...@northwestern.edu> wrote:

> We have switched from using the Red Hat-supplied version of Tomcat to the
> Apache-supplied binary distribution. My management would like me to follow
> any CVE related to Tomcat. I am wondering if there is a mailing list I can
> subscribe to that will give me just those items.
>

http://tomcat.apache.org/lists.html#tomcat-announce

"The list is used to announce Tomcat releases, security vulnerabilities and
other project announcements."


Tomcat CVE watch

2020-07-25 Thread Darryl Philip Baker
We have switched from using the Red Hat-supplied version of Tomcat to the
Apache-supplied binary distribution. My management would like me to follow any
CVE related to Tomcat. I am wondering if there is a mailing list I can
subscribe to that will give me just those items.

I should be following all the CVEs but there are not enough hours in the day to 
do that and stay on top of my assigned duties.

This is on top of designing an update cycle that we can make work. There are 
not enough people cycles to install and regression test every point release 
across every application we have using Tomcat.

Darryl Baker, GSEC  (he/him/his)
Sr. System Administrator
Distributed Application Platform Services
Northwestern University
1800 Sherman Ave.
Suite 6-600 – Box #39
Evanston, IL  60201-3715
darryl.ba...@northwestern.edu
(847) 467-6674