If the diff between 3.1.1 and 3.1 is small, yes, they can upgrade to 3.1.1
and not to 3.2.
That's what being in production is like.
Enough has changed between 3.1 and 3.2 that any application should go
through a full QA cycle before being moved to the new platform. Not that I
would really expect anything to show up, but it would be irresponsible not
to.
Forcing people to take new features along with bug fixes is never a good
idea.
-----Original Message-----
From: Jon Stevens [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 11, 2000 9:55 PM
To: [EMAIL PROTECTED]
Subject: Re: [SECURITY] Security Vulnerabilities in Tomcat 3.1 and 3.2
on 12/11/2000 5:59 PM, "Craig R. McClanahan" <[EMAIL PROTECTED]>
wrote:
> I'm certainly game to remove 3.1 once we know that 3.1.1 doesn't introduce
any
> nasty
> problems, but just removing 3.1 doesn't help all the thousands of people
who
> have
> apps running on 3.1 and who cannot, for various reasons, immediately
upgrade.
They can upgrade to 3.1.1 but not 3.2? Huh?
No, make people upgrade to 3.2. There are WAY to many advantages to having
3.2.
-jon
--
Honk if you love peace and quiet.
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
<<<<<<<This electronic mail transmission may contain confidential
information and is intended only for the person(s) named. Any use, copying
or disclosure by any other person is strictly prohibited. If you have
received this transmission in error, please notify the sender via
e-mail.>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
