Author: markt
Date: Sat Feb 21 00:47:09 2009
New Revision: 746426
URL: http://svn.apache.org/viewvc?rev=746426&view=rev
Log:
Propose additional patch to address security concerns
I'm removing Filip's +1 since the patch has changed a fair bit
Modified:
tomcat/tc6.0.x/trunk/STATUS.txt
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=746426&r1=746425&r2=746426&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Sat Feb 21 00:47:09 2009
@@ -90,11 +90,12 @@
-1:
* Changes required to run with a security manager
- http://svn.apache.org/viewvc?rev=721286&view=rev
- http://svn.apache.org/viewvc?rev=721704&view=rev
- http://svn.apache.org/viewvc?rev=721708&view=rev
- http://svn.apache.org/viewvc?rev=721886&view=rev
- +1: markt, fhanik
+ http://svn.apache.org/viewvc?rev=721286&view=rev (original)
+ http://svn.apache.org/viewvc?rev=721704&view=rev (original)
+ http://svn.apache.org/viewvc?rev=721708&view=rev (original)
+ http://svn.apache.org/viewvc?rev=721886&view=rev (original)
+ http://svn.apache.org/viewvc?rev=746425&view=rev (to address Bill's concerns)
+ +1: markt
0: billbarker: Haven't tried to break it yet, but the 4th patch potentially
offers access to static fields in ELContextImpl and ELResolverImpl that
could
possibly be exploited by a malicious webapp.
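Review bot: The annotation on the added r746425 line, "(to address Bill's concerns)", does not say which concern it addresses. The only concern recorded in this entry is billbarker's 0 vote about access to static fields in ELContextImpl and ELResolverImpl from the 4th patch. Suggest naming that in the annotation, for example "(restricts access to static fields in ELContextImpl and ELResolverImpl)", so that voters know what to verify when testing under a security manager. The 0: comment is left unchanged and still describes the 4th patch alone, so a reader cannot tell from the entry whether it has been re-evaluated against r746425. Consider marking it as predating the new revision until billbarker votes again.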