One last question Mark...
The tc6.6.x trunk has the patch and it works fine, but not yet the tc5.5.x.
Is it planned for the next 5.5.x release ?
Olivier Jaquemet wrote:
Thank you for your answer Mark.
Accept my apologies for bothering you with already fixed issues. I had
not found the appropriate discussions in the archive.
Olivier
Mark Thomas wrote:
Olivier Jaquemet wrote:
So my questions are :
- What could be done in Tomcat to fix this ?
This has been discussed extensively on the dev list and there is a
patch proposed. See the archives for details.
- Is the security problem real if it is why do other
application server vendors do not have this behavior ?
Yes the problem is real. It won't affect every installation or every
application but it does affect some. As for the other app servers:
don't know - haven't tested them.
- As it break older application and it is not compatible
with IE 7 in some circumstances. Do you really think this
modification should be kept that way ?
No. Again, see the discussion in the archives.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
