Nope. Typically if a security issue is found, it will be discussed by the committers to confirm the vulnerability. A patch and a new release is made. The announcement of the vulnerabilty and the new release are usually made at the same time.

The annoucement is typically made to:
- tomcat-user
- tomcat-dev
- tomcat-announce (I think this is the name)

-Tim

Ronnie Tartar wrote:
Is there a mailing list for security warnings for tomcat?
Thanks




---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Reply via email to