[prev in list] [next in list] [prev in thread] [next in thread] 

List:       tomcat-user
Subject:    Re: [OT] Java +GC question
From:       Christopher Schultz <chris () christopherschultz ! net>
Date:       2013-11-25 19:31:38
Message-ID: 5293A59A.9040406 () christopherschultz ! net
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Howard,

On 11/24/13, 10:52 PM, Howard W. Smith, Jr. wrote:
> On Sun, Nov 24, 2013 at 7:15 PM, André Warnier <aw@ice-sa.com>
> wrote:
> 
>> Caldarale, Charles R wrote:
>> 
>>> From: André Warnier [mailto:aw@ice-sa.com] Subject: Java +GC
>>> question
>>>> 
>>> 
>>> java version "1.6.0_26"
>>>> 
>>> 
>>> Do we need to tell you to upgrade?
>>> 
>> 
>> Whatever happened to the "Never change a running system" ?
> 
> 
> I usually hear it said like this, if it ain't broke, then don't fix
> it. :)

Sometimes, it's broke but you don't know it.

http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html

That bug was fixed in 2011 and there are reports (but Oracle closed
their bug database) that the bug was originally filed in 2001. Keeping
up-to-date is a good idea in most cases. Sometimes, there are even
bugs that are fixed silently.

There are patch versions of Tomcat that include fixes for security
vulnerabilities that are not announced (that is, the vulnerabilities
are not announced) until some time after the release. That is done so
that administrators have time to patch their systems before it's
disclosed that a particular vulnerability exists. Otherwise, admins
might have to sustain a period of time where the bad guys have
exploits but they haven't had time to stage, test, and deploy the
newer versions.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJSk6WYAAoJEBzwKT+lPKRYxlwP/iEmdUh+MW13OVASUz5lHhiM
bXooj6dGDJ29CoDsLX5I60c7UAKjlrU/W4TP0UBdLTQSdqx80+jBxxTRYftxHhmV
bVS7SQRNm33y+llhZJueqTkrtLQug5DVPUkY0OJNKJ+K1PERDUTIU5HJPen1Q032
tg99OawnjC7Beq3Cs7DBwLfbmlgi4sz8iAk0G4W5TDzQplXZPTV4CT3TgYjYpJqK
zbRFLRC7FB6sd2OZlF9CckOB8/8+iuqRSw1sotlXRYQlsh6tLwVFv8wlzRSSP12b
MOPpj+ThH9a4n+euvB4vrhYTZ9gK2cy7JYhIuHKeqVZVuvQVi6Ax+vI+KwIuumNK
kKLO8n4VsikaNRypZVdbS4BxiX8yCJqc1Pf2NLZwMmUsDJ9Mt3WGhWCQ7aOwenVg
pe/C06rqY0+QspInbQ6y+sRK2gRUTTMeA1ngjZLL83LfBLD7y8CVq9fbe0z0pxm2
k5ibKPINxeeexWfo+cm6Y7wH9zfp0DHh+jVXBKdmzaArEN2sJx2i35hJ9XKO2kEP
YruT7PRWOWh8uPNZp3AbEU9YIZ6OyH885mS30GikfnfNWvoG7dgBT+Ut66/syUXj
mlMcS2w8Cm5jzHO1r26N2KjB/bQZq6Umm5u+QNa4y1HLUGrCixZzSnA+SVBTBwSQ
V3NRutCP19+NMM1A6boT
=sdH2
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

[prev in list] [next in list] [prev in thread] [next in thread]