Thank you. I guess all I need now is caffeine. Gilbert Berry Blue Cross/Blue Shield of South Carolina Tricare Post Adjudication Reporting (803) 763-1873 x 31873 (803) 466-7282 cell gilbert.be...@mytricare.com THIS EMAIL IS CONFIDENTIAL http://www.bcbssc.com/confidentiality.htm
-----Original Message----- From: Konstantin Kolinko [mailto:knst.koli...@gmail.com] Sent: Wednesday, September 28, 2011 1:56 PM To: Tomcat Users List Subject: Re: Incorporating changes and compiling Tomcat 2011/9/28 Wilde, Bruce R. <bruce.r.wi...@saic.com>: > So, what are security minded system administrators to do about > mitigating CVE-2011-3190 against V6.0.33? > > From the > http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.34_( > not_yet_released) page > > "Mitigation options: > > Upgrade to Tomcat 6.0.34. [Ed. What is the expected release > date?] or to 7.0.21 > Apply the appropriate patch. [Ed. Patch provides 2 java source > files; requiring a re-compilation] man patch svn help patch (since Subversion 1.7) Or apply it manually using your text editor of choice. > Configure both Tomcat and the reverse proxy to use a shared > secret. Read "configuration reference". Any Tomcat administrator should have done so once. > ... > Use the org.apache.jk.server.JkCoyoteHandler (BIO) AJP connector > implementation. The above one is the easiest. I would recommend it. BTW, this is the connector implementation that is used by default when you do not have "Tomcat-Native/APR" installed. That is what most users are already using by default. Regarding original question "how to build it": There are - BUILDING.txt - webapps/docs/building.html in every release. What else is needed? Best regards, Konstantin Kolinko --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org