-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gilbert,
On 9/28/2011 1:58 PM, gilbert.be...@bcbssc.com wrote: > Unfortunately, the government won't let we wait. Maybe patches is > the wrong word. For instance the updated code for > AjpAprProcessor.java and AjpProcessor.java needed to fix > CVE-2011-3190 is available and has been incorporated into 6.0.34, > they just haven't released it yet. So what I trying to do is to > manually incorporate the changes and rebuild Tomcat, something > I've never done before. Not being that well versed in Java and > ant, I've been doing a lot of head scratching. You have non-code-patching options for mitigating this vulnerability: see other posts in this thread (specifically, Bruce's branch). - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk6Dmk0ACgkQ9CaO5/Lv0PAHnQCfQrnj+pvhBiHvHmOoaUrGzZPq 1B8Anj7afuzq68XwsVs5jVpp5OCs3Gpa =n8xJ -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org