-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Howard,
On 11/24/13, 10:52 PM, Howard W. Smith, Jr. wrote: > On Sun, Nov 24, 2013 at 7:15 PM, André Warnier <a...@ice-sa.com> > wrote: > >> Caldarale, Charles R wrote: >> >>> From: André Warnier [mailto:a...@ice-sa.com] Subject: Java +GC >>> question >>>> >>> >>> java version "1.6.0_26" >>>> >>> >>> Do we need to tell you to upgrade? >>> >> >> Whatever happened to the "Never change a running system" ? > > > I usually hear it said like this, if it ain't broke, then don't fix > it. :) Sometimes, it's broke but you don't know it. http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html That bug was fixed in 2011 and there are reports (but Oracle closed their bug database) that the bug was originally filed in 2001. Keeping up-to-date is a good idea in most cases. Sometimes, there are even bugs that are fixed silently. There are patch versions of Tomcat that include fixes for security vulnerabilities that are not announced (that is, the vulnerabilities are not announced) until some time after the release. That is done so that administrators have time to patch their systems before it's disclosed that a particular vulnerability exists. Otherwise, admins might have to sustain a period of time where the bad guys have exploits but they haven't had time to stage, test, and deploy the newer versions. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJSk6WYAAoJEBzwKT+lPKRYxlwP/iEmdUh+MW13OVASUz5lHhiM bXooj6dGDJ29CoDsLX5I60c7UAKjlrU/W4TP0UBdLTQSdqx80+jBxxTRYftxHhmV bVS7SQRNm33y+llhZJueqTkrtLQug5DVPUkY0OJNKJ+K1PERDUTIU5HJPen1Q032 tg99OawnjC7Beq3Cs7DBwLfbmlgi4sz8iAk0G4W5TDzQplXZPTV4CT3TgYjYpJqK zbRFLRC7FB6sd2OZlF9CckOB8/8+iuqRSw1sotlXRYQlsh6tLwVFv8wlzRSSP12b MOPpj+ThH9a4n+euvB4vrhYTZ9gK2cy7JYhIuHKeqVZVuvQVi6Ax+vI+KwIuumNK kKLO8n4VsikaNRypZVdbS4BxiX8yCJqc1Pf2NLZwMmUsDJ9Mt3WGhWCQ7aOwenVg pe/C06rqY0+QspInbQ6y+sRK2gRUTTMeA1ngjZLL83LfBLD7y8CVq9fbe0z0pxm2 k5ibKPINxeeexWfo+cm6Y7wH9zfp0DHh+jVXBKdmzaArEN2sJx2i35hJ9XKO2kEP YruT7PRWOWh8uPNZp3AbEU9YIZ6OyH885mS30GikfnfNWvoG7dgBT+Ut66/syUXj mlMcS2w8Cm5jzHO1r26N2KjB/bQZq6Umm5u+QNa4y1HLUGrCixZzSnA+SVBTBwSQ V3NRutCP19+NMM1A6boT =sdH2 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org