Yoav,
So then if there is a DoS vulnerability in the "normal jakarata tomcat 4.0.x distributions", would the developers consider that important enough to be looked at/fixed? I'm just trying to figure out whether the vulnerability in the debian tomcat would affect the normal jakarta tomcat versions >= 4.0.4 (i'm using the normal jakarta distributed tomcat 4.0.6). Upgrading to the 4.1 branch would require more work for us. :(
Let's say it would be looked at on a case by case basis. This one would probably not be fixed as I believe mush less people used TC 4.0.x standalone in production on public servers rather than with mod_jk or mod_webapp.
More details on the exploit would be needed.
-- xxxxxxxxxxxxxxxxxxxxxxxxxxxxx R�my Maucherat Senior Developer & Consultant JBoss Group (Europe) S�RL xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
