This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new 3dfe8cc24d Provide guidance on allowing write access to the web application
3dfe8cc24d is described below
commit 3dfe8cc24de30bea309ba7c885237aca1e98c174
Author: Mark Thomas <[email protected]>
AuthorDate: Sat Jun 7 09:32:02 2025 +0100
Provide guidance on allowing write access to the web application
---
webapps/docs/changelog.xml | 9 +++++++++
webapps/docs/default-servlet.xml | 25 ++++++++++++++-----------
webapps/docs/security-howto.xml | 13 +++++++++++++
3 files changed, 36 insertions(+), 11 deletions(-)
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 0c5c794c4f..597e88bd05 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -105,6 +105,15 @@
issues do not "pop up" wrt. others).
-->
<section name="Tomcat 10.1.43 (schultz)" rtext="in development">
+ <subsection name="Web applications">
+ <changelog>
+ <add>
+ Documentation. Provide more explicit guidance regarding the security
+ considerations for enabling write access to the web application via
+ WebDAV, HTTP PUT requests or similar. (markt)
+ </add>
+ </changelog>
+ </subsection>
</section>
<section name="Tomcat 10.1.42 (schultz)" rtext="release in progress">
<subsection name="Catalina">
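Review bot: the changelog entry is broader than the documentation it describes; the default-servlet.xml change in this commit is specifically about `localXsltFile`, so it would help readers scanning the changelog to name that setting, e.g. "... via WebDAV, HTTP PUT requests or similar, including write access to a `localXsltFile`." Otherwise the entry reads fine and is correctly placed under "Web applications" in the in-development 10.1.43 section.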
diff --git a/webapps/docs/default-servlet.xml b/webapps/docs/default-servlet.xml
index 8e8139b65f..409fc7487d 100644
--- a/webapps/docs/default-servlet.xml
+++ b/webapps/docs/default-servlet.xml
@@ -150,17 +150,20 @@ Tomcat.</p>
directory listing will be shown.
</property>
<property name="localXsltFile">
- You may also customize your directory listing by directory by
- configuring <code>localXsltFile</code>. This must be a file in the
- directory where the listing will take place to with a
- <code>.xsl</code> or <code>.xslt</code> extension. This overrides
- <code>globalXsltFile</code> and <code>contextXsltFile</code>. If this
- value is present but a file does not exist, then
- <code>contextXsltFile</code> will be used. If
- <code>contextXsltFile</code> does not exist, then
- <code>globalXsltFile</code> will be used. If
- <code>globalXsltFile</code> does not exist, then the default
- directory listing will be shown.
+ <p>You may also customize your directory listing by directory by
configuring
+ <code>localXsltFile</code>. This must be a file in the directory where the
+ listing will take place to with a <code>.xsl</code> or <code>.xslt</code>
+ extension. This overrides <code>globalXsltFile</code> and
+ <code>contextXsltFile</code>. If this value is present but a file does not
+ exist, then <code>contextXsltFile</code> will be used. If
+ <code>contextXsltFile</code> does not exist, then
+ <code>globalXsltFile</code> will be used. If <code>globalXsltFile</code>
+ does not exist, then the default directory listing will be shown.</p>
+ <p>Any <code>localXsltFile</code> is both a Tomcat configuration file and
+ part of the web application. As per the Tomcat security model, such files
+ are assumed to be trusted. Write access to this file should, like write
+ access to any Tomcat configuration file, be limited to trusted users. This
+ incudes users with remote access via WebDAV, PUT or similar.</p>
</property>
<property name="input">
Input buffer size (in bytes) when reading
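Review bot: typo in the last added line of the new paragraph: "This incudes users" should be "This includes users". While the original paragraph is being reflowed into `<p>` elements, the stray "to" carried over from the old text ("in the directory where the listing will take place to with a `.xsl` or `.xslt` extension") should also be dropped; "in the directory where the listing will take place, with a `.xsl` or `.xslt` extension" reads correctly. The security paragraph would be stronger if it said why the file is trusted configuration rather than plain content: it is the stylesheet Tomcat applies to render the listing, so whoever can write it controls what the server executes for that directory. A cross-reference to the new "User web applications" section of the Security How-To added in the same commit would also save readers from having to find that guidance themselves.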
diff --git a/webapps/docs/security-howto.xml b/webapps/docs/security-howto.xml
index ec338c3e58..049e2a73a1 100644
--- a/webapps/docs/security-howto.xml
+++ b/webapps/docs/security-howto.xml
@@ -178,6 +178,19 @@
</subsection>
</section>
+ <section name="User web applications">
+ <p>Web applications are assumed to be trusted. It is not safe to deploy web
+ applications from untrusted sources.</p>
+
+ <p>Any application functionality that permits the modification of a web
+ application (WebDAV, HTTP PUT requests etc.) may impact the security of
+ either the web application or the Tomcat instance on which it is running.
+ Such functionality should either be restricted to trusted users or
+ limited in scope (e.g. via security constraints) such that users with
access
+ to the functionality are unable to imapct the security of either the web
+ application or the Tomcat instance on which it is running.</p>
+ </section>
+
<section name="Security manager">
<p>Enabling the security manager causes web applications to be run in a
sandbox, significantly limiting a web application's ability to perform
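Review bot: typo in the new section: "unable to imapct the security" should be "unable to impact the security". The closing sentence also repeats "the security of either the web application or the Tomcat instance on which it is running" twice within one paragraph; the second occurrence can be shortened to "unable to impact the security of either" since the subject was just stated. The "limited in scope (e.g. via security constraints)" advice is the part an administrator will act on, so the section would benefit from stating concretely what to constrain: the HTTP methods that modify content (PUT, DELETE and the WebDAV methods) and the URL paths they may be applied to, restricted to an authenticated role, rather than leaving "security constraints" unspecified. It may also be worth noting here, as the default-servlet.xml change in this commit does, that files under the web application (such as a `localXsltFile`) are treated as trusted configuration, which is the reason write access is security-sensitive even when the written file is not a JSP or class file.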