On 20/07/2015 10:58, Kreuser, Peter wrote: <snip/>
> Hi Mark, > > I appreciate your open comment and that clarifies the lengthy wait. I > trust that now the solution gets going and will be solved soonish. > > I'm in no position to criticize any wrongdoing on this CVE. I only > hope to find a clearer communication on the tomcat-security sites in > the future and if THAT is RedHat's fault, then please clean up the > process with them. I've just updated the JK security page on the Tomcat web site. To be clear, keeping this page up to date is entire the responsibility of the Tomcat committers. We dropped the ball on this one. That said, I had hoped - much like I hoped with the release - that RedHat would have directed one of their employees who is a committer to do the update. When that didn't happen pretty much immediately, we (the Tomcat committers) should have done it. I've read through the release docs and I should be able to get a 1.2.41 source release out. I'm planning on doing that next. Binary releases are going to have to wait for other folks to contribute them. Cheers, Mark > Thank You. Best regards, > > Peter > > PS: is that the correct position to add my response? Yes, it was. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
