unday, July 26, 2020 5:09 AM
To: users@tomcat.apache.org
Subject: Re: CVE-2020-1935
George,
As an open source project with an open development process, the Tomcat security
team has a number of challenges to deal with.
First, any commit to address a security issue will be public before the
security
al Message-
> From: Christopher Schultz
> Sent: Friday, July 24, 2020 3:40 PM
> To: users@tomcat.apache.org
> Subject: Re: CVE-2020-1935
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
> George
> George,
>
> On 7/24/20 15:15, George Stanchev wrote:
iment.
Cheers!
George
-Original Message-
From: Christopher Schultz
Sent: Friday, July 24, 2020 3:40 PM
To: users@tomcat.apache.org
Subject: Re: CVE-2020-1935
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
George,
On 7/24/20 15:15, George Stanchev wrote:
> The description for thi
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
George,
On 7/24/20 15:15, George Stanchev wrote:
> The description for this CVE is pretty vague (as perhaps
> necessary) but we have a customer that is trying to assess their
> risk for this CVE.
Their risk is probably very low. Their risk of a bun
