https://issues.apache.org/bugzilla/show_bug.cgi?id=50231
--- Comment #3 from Mark Thomas <ma...@apache.org> 2010-11-08 09:42:05 EST ---

The comment re CSRF is pure FUD:
a) POSTs make it marginally harder to commit a CSRF attack but by no means prevent it.
b) The generic CSRF protection from Tomcat 7 has been back-ported to 6.0.x and will be included for the Manager and Host Manager in 6.0.30 onwards.

I'd lean towards not fixing this in 6.0.x but if someone wants to back-port the changes from 7.0.x I'd probably vote for it.