On Tue, Oct 28, 2014 at 8:00 AM, Hareshbhai Desai,Vinaykumar (Vinaykumar) < desa...@avaya.com> wrote:
> Hi team, > > I need some information about the tomcat support. We are using tomcat > 3.2.2 and tomcat 6.0.37 in our product. If we are not upgrade the tomcat > latest version then shall we get the support from apache for both tomcat > release 3.3.2 /6.0.37? If yes is it free or paid support? How quickly we > get response? > > It would be great if you will share the information on this area, so we > can take decision quicker. > > Thanking You , > Vinay > 7.3 Security vulnerabilities fixed in Tomcat 3.2.3 Non-normalized URIs, for example /examples/jsp/security//protected/index.jsp or /examples/jsp/../jsp/security/protected/index.jsp would bypass the security constraints specified in web.xml. We have come a long way since then...