Author: kkolinko
Date: Wed Dec 16 22:37:43 2015
New Revision: 1720472

URL: http://svn.apache.org/viewvc?rev=1720472&view=rev
Log:
Add CVE-2014-7810 to changelog of released 6.0.44.

Modified:
    tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml

Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=1720472&r1=1720471&r2=1720472&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Wed Dec 16 22:37:43 2015
@@ -235,7 +235,13 @@
   <subsection name="Jasper">
     <changelog>
       <fix>
-        Fix potential issue with BeanELResolver when running under a security
+        CVE-2014-7810:
+        Do not use a privileged code block when evaluating EL expressions
+        when running under a security manager, which allowed to bypass code
+        restrictions. (markt/kkolinko)
+      </fix>
+      <fix>
+        Fix an issue with BeanELResolver when running under a security
         manager. Some classes may not be accessible but may have accessible
         interfaces. (markt)
       </fix>
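Review bot: In the new CVE-2014-7810 entry, the clause "which allowed to bypass code restrictions" has no subject, so it does not say what was able to bypass the restrictions or whose restrictions they were. A wording such as "since the privileged block allowed an expression to bypass the restrictions imposed by the security manager" would state the impact directly. Separately, the same hunk rewords the following BeanELResolver entry from "Fix potential issue" to "Fix an issue", which the log message ("Add CVE-2014-7810 to changelog of released 6.0.44.") does not mention; either note that rewording in the log or confirm that the two entries are meant to describe separate fixes, since the CVE text now replaces the first line of what used to be a single entry.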


