Veniamin Fichin wrote: > Rossen Raykov wrote: > >> Tomcat 4.x JSP source exposure security advisory >> >> 1. Summary >> Tomcat 4.0.4 and 4.1.10 (probably all other earlier versions also) are >> vulnerable to source code exposure by using the default servlet >> org.apache.catalina.servlets.DefaultServlet. > > --= [ cut ] =-- > >> 3. Solution: >> 3.1 Upgrade to the last releases 4.0.5 and 4.1.12 >> See >> http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/ for the last >> releases. > > > I'm a newbie to Tomcat and JSP at all, so I have a question: can this > upgrade be done by using new binaries only, not by upgrading an entire > distribution including configs? I don't want to overwrite my configure > files, because it took some time for me to understand its structure and > meaning.
No, you do not need to upgrade. Read the advisory I posted earlier, or the news item posted on the Jakarta website. Remy -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
