On 05/12/2016 15:17, Emmanuel Bourg wrote:
> Hi,
>
> I've backported the fix for CVE-2016-5018 in Debian which removed the
> PrivilegedIntrospectHelper inner class in JspRuntimeLibrary, but I got
> bitten by the bug 60101 (the removed class was loaded through reflection
> in two other classes). The security pages do not mention the extra
> commit addressing this issue. Could someone update the pages and mention
> the commits please?

Done. For 6.0.x as well.

Mark

>
> Tomcat 7: https://svn.apache.org/r1760309
> Tomcat 8: https://svn.apache.org/r1760307
> Tomcat 8.5: https://svn.apache.org/r1760305
> Tomcat 9: https://svn.apache.org/r1760300
>
> Thank you,
>
> Emmanuel Bourg
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org