https://bz.apache.org/bugzilla/show_bug.cgi?id=69486
--- Comment #7 from Mark Thomas <ma...@apache.org> ---
(In reply to Chen Jp from comment #6)
> related cve: CVE-2024-21733

Sort of but not really. The root cause of that CVE was an error path that bypassed resetting the buffer. It is just as likely that the zeroing out would have been bypassed.

Zeroing out the buffer isn't a guaranteed fix. Just like ByteBuffer.limit(0), it only works if the code is actually called.
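
The point made in the comment above, as an added Java sketch that is not part of the original message and is not Tomcat code: a constructed handler whose reset step (zeroing plus `limit(0)`) sits after the parse call is skipped when parsing throws, while the same reset in a `finally` block runs on every exit path. The class, the method names, the parser rule and the sample input are all hypothetical.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
// Added illustration, not Tomcat code; every name below is hypothetical.
public class BufferResetDemo {
    // Bytes the next user of the shared buffer would see between position and limit.
    static String readable(ByteBuffer buf) {
        byte[] data = new byte[buf.remaining()];
        buf.duplicate().get(data); // duplicate() leaves buf's own position untouched
        return new String(data, StandardCharsets.US_ASCII);
    }

    // Reset step: zero the backing array and mark the buffer as holding no data.
    static void recycle(ByteBuffer buf) {
        Arrays.fill(buf.array(), (byte) 0);
        buf.limit(0);
    }

    // Constructed parser: input must end with '\n', otherwise it throws.
    static String loadAndParse(ByteBuffer buf, byte[] in) {
        buf.clear();
        buf.put(in);
        buf.flip();
        String line = readable(buf);
        if (!line.endsWith("\n")) throw new IllegalArgumentException("malformed input");
        return line;
    }

    // Reset placed after the parse call: an exception jumps straight past it.
    static String handleFragile(ByteBuffer buf, byte[] in) {
        String out = loadAndParse(buf, in);
        recycle(buf);
        return out;
    }

    // Reset placed in finally: it runs on the normal path and on the error path.
    static String handleRobust(ByteBuffer buf, byte[] in) {
        try { return loadAndParse(buf, in); } finally { recycle(buf); }
    }

    public static void main(String[] args) {
        // Constructed sample input with no trailing newline, so parsing fails.
        byte[] bad = "token=constructed-secret".getBytes(StandardCharsets.US_ASCII);
        ByteBuffer a = ByteBuffer.allocate(64), b = ByteBuffer.allocate(64);
        try { handleFragile(a, bad); } catch (IllegalArgumentException expected) { }
        try { handleRobust(b, bad); } catch (IllegalArgumentException expected) { }
        System.out.println("fragile: remaining=" + a.remaining() + " data=[" + readable(a) + "]");
        System.out.println("robust:  remaining=" + b.remaining() + " data=[" + readable(b) + "]");
    }
}
```

Swapping the body of `recycle` for only the zeroing or only `limit(0)` does not change the fragile result, since neither statement is reached on the error path.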