I'm not sure we should even try? 1.7.x is the path to push for the fix,
as it has already moved on from that CVE.
That said, how much needs to change in 1.6.0.2 to upgrade to 7.0.59?
Andy.
On 18/02/2015 22:31, Jean-Louis Monteiro wrote:
Oops, sorry. Thought it was finally not published. Apologies.
--
Jean-Louis Monteiro
http://twitter.com/jlouismonteiro
http://www.tomitribe.com
On Wed, Feb 18, 2015 at 10:28 PM, Romain Manni-Bucau <[email protected]> wrote:
@JL: 1.6.0.2 did I think (at least it is on central)
Romain Manni-Bucau
@rmannibucau
http://www.tomitribe.com
http://rmannibucau.wordpress.com
https://github.com/rmannibucau
2015-02-18 22:19 GMT+01:00 Jean-Louis Monteiro <[email protected]>:
1.6.0.2 did not pass the VOTE, so there's still time to upgrade the Tomcat
dependencies.
That said, +1 for the release if someone wants to volunteer.
Jean-Louis
--
Jean-Louis Monteiro
http://twitter.com/jlouismonteiro
http://www.tomitribe.com
On Wed, Feb 18, 2015 at 2:13 PM, Thibault TIGEON <[email protected]> wrote:
Hello everyone,
The version 1.6.0.2 was built with Tomcat 7.0.53.
But there is a security alert on this version:
http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.55
Secunia alert is available here <http://secunia.com/advisories/62768/>.
Do you think it would be possible to have a new version (1.6.0.3) solving
this problem?
Regards,
Thibault
--
View this message in context:
http://tomee-openejb.979440.n4.nabble.com/New-version-of-security-1-6-0-3-due-to-a-tomcat-CVE-CVE-2014-0227-tp4673783.html
Sent from the TomEE Dev mailing list archive at Nabble.com.
--
Andy Gumbrecht
https://twitter.com/AndyGeeDe