* Apply patch to README.Debian to explain setting the HTTPOnly flag in cookies by default; CVE-2010-4312. (Closes: #608286) - Thank you to Thijs Kinkhorst for the patch. * Use ucf and a template for /etc/logrotate.d/tomcat6 file to avoid updating the shipped conffile. (Closes: #687818)