Hello Sir, I wish to confirm one more thing. The issue is SSL vulnerability. from the responses, i understood that i need to upgrade to tomcat latest version. As per the team, it is recommended to go for Tomcat 5 in our environment. my quesiton is: Is this vulernability solved in tomcat 5 version?Do i need to perform some additional stuff to avoid this vulnerability?Any modification to be done in server.xml file to avoid the SSL vulnerability
regardsSunil C --- On Tue, 11/8/09, Mark Thomas <[email protected]> wrote: From: Mark Thomas <[email protected]> Subject: Re: avoiding ssl vulnerabilities in tomcat To: "Tomcat Users List" <[email protected]> Date: Tuesday, 11 August, 2009, 4:55 PM sunil chandran wrote: > Hello all, > > OK i will upgrade. > But what all changes required to update to tomcat 5. > what all changes reuired to upgrade to tomcat 4.1.40 You may as well do the job properly and upgrade to 6.0.20. For you app? No changes should be required. For your Tomcat configuration? Start with the clean configuration provided with 6.0.20 and add any modifications you need. Be aware that the config has changed in particular: - the <Logger> element is no longer used - Resource configuration has changed See the docs for the details. Mark > > > > --- On Mon, 10/8/09, Caldarale, Charles R <[email protected]> wrote: > > > From: Caldarale, Charles R <[email protected]> > Subject: RE: avoiding ssl vulnerabilities in tomcat > To: "Tomcat Users List" <[email protected]> > Date: Monday, 10 August, 2009, 7:10 PM > > >> From: sunil chandran [mailto:[email protected]] >> Subject: Re: avoiding ssl vulnerabilities in tomcat >> >> Is there any patch provided so that i can still use the same version >> 4.1.24 itself. > > No, you *must* upgrade. Your reluctance to do so borders on the ridiculous. > > - Chuck > > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY > MATERIAL and is thus for use only by the intended recipient. If you received > this in error, please contact the sender and delete the e-mail and its > attachments from all computers. > > > > Send free SMS to your Friends on Mobile from your Yahoo! Messenger. Download > Now! http://messenger.yahoo.com/download.php --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] Yahoo! recommends that you upgrade to the new and safer Internet Explorer 8. http://downloads.yahoo.com/in/internetexplorer/
