Author: markt Revision: 1727182 Modified property: svn:log Modified: svn:log at Mon Feb 22 12:18:21 2016 ------------------------------------------------------------------------------ --- svn:log (original) +++ svn:log Mon Feb 22 12:18:21 2016 @@ -1,2 +1,3 @@ When using the new sessionAttributeValueClassNameFilter, apply the filter earlier rather than loading the class and then deciding to filter it out. When a SecurityManager is used, enable filtering by default. +This is part 2 of 2 of the fix for CVE-2016-0714
--------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
