Author: kkolinko
Date: Wed Dec 16 22:44:43 2015
New Revision: 1720476

URL: http://svn.apache.org/viewvc?rev=1720476&view=rev
Log:
Add CVE-2014-7810 to changelog of released 8.0.16.

Modified: tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml Modified: tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml?rev=1720476&r1=1720475&r2=1720476&view=diff ============================================================================== --- tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml (original) +++ tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml Wed Dec 16 22:44:43 2015 @@ -2559,7 +2559,13 @@ than <code>jar:file</code>. (violetagg) </fix> <fix> - Fix potential issue with BeanELResolver when running under a security + CVE-2014-7810: + Do not use a privileged code block when evaluating EL expressions + when running under a security manager, which allowed to bypass code + restrictions. (markt) + </fix> + <fix> + Fix an issue with BeanELResolver when running under a security manager. Some classes may not be accessible but may have accessible interfaces. (markt) </fix>
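
Review bot: In the added CVE-2014-7810 entry, the clause "which allowed to bypass code restrictions" has no clear subject and grammatically attaches to "security manager" rather than to the privileged block that was removed, so a reader scanning the changelog for security fixes cannot tell what was able to bypass what. Consider wording it so the old behaviour is explicit, for example "The privileged block allowed an EL expression to bypass the restrictions imposed by the security manager." Separately, the same hunk rewords the following entry from "Fix potential issue with BeanELResolver" to "Fix an issue with BeanELResolver", which the log message ("Add CVE-2014-7810 to changelog of released 8.0.16") does not mention; either note that rewording in the log message or state in the entry whether the BeanELResolver fix is part of the CVE fix or an independent change, since the two entries now sit side by side under the same author.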