DO NOT REPLY [Bug 49750] New: WebappClassLoader.validate(name) does not validate javax.servlet.

bugzilla Sun, 15 Aug 2010 08:07:20 -0700

https://issues.apache.org/bugzilla/show_bug.cgi?id=49750


           Summary: WebappClassLoader.validate(name) does not validate
                    javax.servlet.
           Product: Tomcat 7
           Version: trunk
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: trivial
          Priority: P2
         Component: Catalina
        AssignedTo: dev@tomcat.apache.org
        ReportedBy: pids...@apache.org


The method does not validate the class name as described in the method
documentation.

"Validate a classname. As per SRV.9.7.2, we must restrict loading of classes
from J2SE (java.*) and classes of the servlet API (javax.servlet.*) "

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

DO NOT REPLY [Bug 49750] New: WebappClassLoader.validate(name) does not validate javax.servlet.

Reply via email to