https://bz.apache.org/bugzilla/show_bug.cgi?id=60674
--- Comment #2 from Ralf Hauser <hau...@acm.org> --- Other security classes are not final. And an attacker would also have to alter the web.xml to have the subclass used at all to begin with. IMHO, putting such a class as "final" is also against the open source spirit: "No one after me will be smarter than and adding more value with sub-classing it" or are there other reasonings behind this? -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
