This content has been marked as final. Show 2 replies
For security compliance, we are looking to upgrade our older JBoss implementations to a version which includes a non vulnerable version of Tomcat.
From looking at the JBoss site,
JBoss 4.2.0 - 4.2.1 include Tomcat, rebranded as JBossWeb 2.0.0. This is based on Tomcat 6.0.13 which is vulnerable to a bunch of security holes. What version of Tomcat is JBossWeb 2.0.1 (included with JBoss 4.2.2 - 4.2.3)? I have searched and searched JBoss's site and on the internet and even looked through some of JBoss's source (ServerInfo.properties and thirdparty/licenses), but none of it includes the information I am looking for. The only hits that come back is the link above which doesn't state what version of Tomcat is included in JBoss 4.2.2 and 4.2.3. Any information would be very helpful.
I'm in the same boat. Hopefully someone in the know will come to our aid...