- don't change SYSCONFDIR, use CONFDIR/SUBST_VARS instead and if neccessary
use "CONFIGURE_STYLE=gnu old" and explicitly set --sysconfdir=${CONFDIR}
a few more to come...
A security vulnerability has been confirmed to exist in Apache Tomcat
4.0.x releases (including Tomcat 4.0.5), which allows to use a specially
crafted URL to return the unprocessed source of a JSP page, or, under
special circumstances, a static resource which would otherwise have been
protected by security constraint, without the need for being properly
authenticated. This is based on a variant of the exploit that was
disclosed on 09/24/2002.
Version 3.2.2 fixes a large number of bugs and all known specification
compliance issues. The 3.2.x branch will continue in maintenance mode,
but no new feature releases are planned.
by the Apache Foundation's Jakarta Project. Tomcat can be run as a
standalone web server with Servlet and JSP support, or using Apache
Server as it's web server via the mod_jserv Apache module (the
www/ap-jserv package).