Nov 25th, 2012, 10:00 PM
Regarding Vulnerabilities Patching
I am using Springsource TomCat ver 6.0.35.A.RELEASE in my live environment. Recently we have received some requests to patch the TomCat Server in our environment based on the Apache Tomcat Security Advisory, eg,
"Apache Tomcat Header Processing Bug Lets Remote Users Deny Service" from http://tomcat.apache.org/security-6.html.
So my question is does Springsource have their own security advisory so we much so that we can ignore others or do we follow the security advisory from the Apache from http://tomcat.apache.org and do the patches accordingly on what is released there? Thanks for the clarification.
Nov 26th, 2012, 12:22 PM
This should provide the information you are requesting: http://support.springsource.com/secu...server-runtime