Author: markt Date: Sat Jan 8 18:56:57 2011 New Revision: 1056763 URL: http://svn.apache.org/viewvc?rev=1056763&view=rev Log: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=50026 Force DefaultServlet to serve all resources relative to context root regardless of mappings/mount point. Prevents access to WEB-INF and META-INF when the default servlet is mapped to a sub-path. Also fixes WebdavServlet, which is affected for GET requests. This is a breaking change for anyone re-mapping DefaultServlet to a sub-path (current behaviour is to remount the entire web application under the path, which exposes WEB-INF/META-INF).
Modified: tomcat/tc6.0.x/trunk/ (props changed) tomcat/tc6.0.x/trunk/STATUS.txt tomcat/tc6.0.x/trunk/java/org/apache/catalina/servlets/DefaultServlet.java tomcat/tc6.0.x/trunk/java/org/apache/catalina/servlets/WebdavServlet.java tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Propchange: tomcat/tc6.0.x/trunk/ ------------------------------------------------------------------------------ --- svn:mergeinfo (original) +++ svn:mergeinfo Sat Jan 8 18:56:57 2011 @@ -1 +1 @@ -/tomcat/trunk:601180,606992,612607,630314,640888,652744,653247,666232,673796,673820,677910,683969,683982,684001,684081,684234,684269-684270,685177,687503,687645,689402,690781,691392,691805,692748,693378,694992,695053,695311,696780,696782,698012,698227,698236,698613,699427,699634,701355,709294,709811,709816,710063,710066,710125,710205,711126,711600,712461,712467,713953,714002,718360,719119,719124,719602,719626,719628,720046,720069,721040,721286,721708,721886,723404,723738,726052,727303,728032,728768,728947,729057,729567,729569,729571,729681,729809,729815,729934,730250,730590,731651,732859,732863,734734,740675,740684,742677,742697,742714,744160,744238,746321,746384,746425,747834,747863,748344,750258,750291,750921,751286-751287,751289,751295,752323,753039,757335,757774,758249,758365,758596,758616,758664,759074,761601,762868,762929,762936-762937,763166,763183,763193,763228,763262,763298,763302,763325,763599,763611,763654,763681,763706,764985,764997,765662,768335,769979,770716,77 0809,770876,772872,776921,776924,776935,776945,777464,777466,777576,777625,778379,778523-778524,781528,781779,782145,782791,783316,783696,783724,783756,783762,783766,783863,783934,784453,784602,784614,785381,785688,785768,785859,786468,786487,786490,786496,786667,787627,787770,787985,789389,790405,791041,791184,791194,791224,791243,791326,791328,791789,792740,793372,793757,793882,793981,794082,794673,794822,795043,795152,795210,795457,795466,797168,797425,797596,797607,802727,802940,804462,804544,804734,805153,809131,809603,810916,810977,812125,812137,812432,813001,813013,813866,814180,814708,814876,815972,816252,817442,817822,819339,819361,820110,820132,820874,820954,821397,828196,828201,828210,828225,828759,830378-830379,830999,831106,831774,831785,831828,831850,831860,832214,832218,833121,833545,834047,835036,835336,836405,881396,881412,883130,883134,883146,883165,883177,883362,883565,884341,885038,885231,885241,885260,885901,885991,886019,888072,889363,889606,889716,8901 39,890265,890349-890350,890417,891185-891187,891583,892198,892341,892415,892464,892555,892812,892814,892817,892843,892887,893321,893493,894580,894586,894805,894831,895013,895045,895057,895191,895392,895703,896370,896384,897380-897381,897776,898126,898256,898468,898527,898555,898558,898718,898836,898906,899284,899348,899420,899653,899769-899770,899783,899788,899792,899916,899918-899919,899935,899949,903916,905020,905151,905722,905728,905735,907311,907513,907538,907652,907819,907825,907864,908002,908721,908754,908759,909097,909206,909212,909525,909636,909869,909875,909887,910266,910370,910442,910471,910485,910974,915226,915737,915861,916097,916141,916157,916170,917598,917633,918093,918489,918594,918684,918787,918792,918799,918803,918885,919851,919914,920025,920055,920298,920449,920596,920824,920840,921444,922010,926716,927062,927621,928482,928695,928732,928798,931709,932357,932967,935105,935983,939491,939551,940064,941356,941463,944409,944416,945231,945808,945835,945841,946686 ,948057,950164,950596,950614,950851,950905,951615,953434,954435,955648,955655,956832,957130,957830,958192,960701,961948,962865,962872,962881,962900,963106,963865,963868,964614,966177-966178,966292,966692,966863,981815,988448,991837,993042,1001955,1002185,1002263,1002274,1002349,1002359,1002362,1002481,1002514,1003461,1003481,1003488,1003556,1003572,1003581,1003861,1004868-1004869,1005452,1005467,1005647,1005802,1022120,1022134,1022323,1022415,1022606,1022623,1024224,1024251,1026042,1026784,1026912,1026920,1029767,1033415,1033448,1033842,1037715,1037794,1037887,1037924,1038041,1044987,1055055,1055458 +/tomcat/trunk:601180,606992,612607,630314,640888,652744,653247,666232,673796,673820,677910,683969,683982,684001,684081,684234,684269-684270,685177,687503,687645,689402,690781,691392,691805,692748,693378,694992,695053,695311,696780,696782,698012,698227,698236,698613,699427,699634,701355,709294,709811,709816,710063,710066,710125,710205,711126,711600,712461,712467,713953,714002,718360,719119,719124,719602,719626,719628,720046,720069,721040,721286,721708,721886,723404,723738,726052,727303,728032,728768,728947,729057,729567,729569,729571,729681,729809,729815,729934,730250,730590,731651,732859,732863,734734,740675,740684,742677,742697,742714,744160,744238,746321,746384,746425,747834,747863,748344,750258,750291,750921,751286-751287,751289,751295,752323,753039,757335,757774,758249,758365,758596,758616,758664,759074,761601,762868,762929,762936-762937,763166,763183,763193,763228,763262,763298,763302,763325,763599,763611,763654,763681,763706,764985,764997,765662,768335,769979,770716,77 0809,770876,772872,776921,776924,776935,776945,777464,777466,777576,777625,778379,778523-778524,781528,781779,782145,782791,783316,783696,783724,783756,783762,783766,783863,783934,784453,784602,784614,785381,785688,785768,785859,786468,786487,786490,786496,786667,787627,787770,787985,789389,790405,791041,791184,791194,791224,791243,791326,791328,791789,792740,793372,793757,793882,793981,794082,794673,794822,795043,795152,795210,795457,795466,797168,797425,797596,797607,802727,802940,804462,804544,804734,805153,809131,809603,810916,810977,812125,812137,812432,813001,813013,813866,814180,814708,814876,815972,816252,817442,817822,819339,819361,820110,820132,820874,820954,821397,828196,828201,828210,828225,828759,830378-830379,830999,831106,831774,831785,831828,831850,831860,832214,832218,833121,833545,834047,835036,835336,836405,881396,881412,883130,883134,883146,883165,883177,883362,883565,884341,885038,885231,885241,885260,885901,885991,886019,888072,889363,889606,889716,8901 39,890265,890349-890350,890417,891185-891187,891583,892198,892341,892415,892464,892555,892812,892814,892817,892843,892887,893321,893493,894580,894586,894805,894831,895013,895045,895057,895191,895392,895703,896370,896384,897380-897381,897776,898126,898256,898468,898527,898555,898558,898718,898836,898906,899284,899348,899420,899653,899769-899770,899783,899788,899792,899916,899918-899919,899935,899949,903916,905020,905151,905722,905728,905735,907311,907513,907538,907652,907819,907825,907864,908002,908721,908754,908759,909097,909206,909212,909525,909636,909869,909875,909887,910266,910370,910442,910471,910485,910974,915226,915737,915861,916097,916141,916157,916170,917598,917633,918093,918489,918594,918684,918787,918792,918799,918803,918885,919851,919914,920025,920055,920298,920449,920596,920824,920840,921444,922010,926716,927062,927621,928482,928695,928732,928798,931709,932357,932967,935105,935983,939491,939551,940064,941356,941463,944409,944416,945231,945808,945835,945841,946686 ,948057,950164,950596,950614,950851,950905,951615,953434,954435,955648,955655,956832,957130,957830,958192,960701,961948,962865,962872,962881,962900,963106,963865,963868,964614,966177-966178,966292,966692,966863,981815,988448,991837,993042,1001955,1002185,1002263,1002274,1002349,1002359,1002362,1002481,1002514,1003461,1003481,1003488,1003556,1003572,1003581,1003861,1004393,1004409,1004415,1004868-1004869,1004912,1005452,1005467,1005647,1005802,1022120,1022134,1022323,1022415,1022606,1022623,1024224,1024251,1026042,1026784,1026912,1026920,1029767,1033415,1033448,1033842,1033897,1037715,1037794,1037887,1037924,1038041,1044987,1055055,1055458 Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1056763&r1=1056762&r2=1056763&view=diff ============================================================================== --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Sat Jan 8 18:56:57 2011 @@ -61,24 +61,6 @@ PATCHES PROPOSED TO BACKPORT: cause confusion. I'd prefer not to invent a new name, but mention the one that we already have when documenting virtualClasspath. -* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=50026 - Force DefaultServlet to serve all resources relative to context root - regardless of mappings/mount point. - Prevents access to WEB-INF and META-INF when the default servlet is - mapped to a sub-path. Also fixes WebdavServlet, which is affected for GET - requests. - This is a breaking change for anyone re-mapping DefaultServlet to a sub-path - (current behaviour is to remount the entire web application under the path, - which exposes WEB-INF/META-INF). - http://svn.apache.org/viewvc?rev=1004393&view=rev - http://svn.apache.org/viewvc?rev=1004409&view=rev - http://svn.apache.org/viewvc?rev=1004415&view=rev - http://svn.apache.org/viewvc?rev=1004912&view=rev (fix for includes) - +1: timw - +1: markt, kkolinko,funkman if http://svn.apache.org/viewvc?rev=1033897&view=rev - is also applied - -1: - * Fix path parameter handling. Currently the following URL fails with a 404: http://localhost:8080/examples/jsp/snp;x=y/snoop.jsp http://people.apache.org/~kkolinko/patches/2010-11-17_tc6_path-params.patch Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/servlets/DefaultServlet.java URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/servlets/DefaultServlet.java?rev=1056763&r1=1056762&r2=1056763&view=diff ============================================================================== --- tomcat/tc6.0.x/trunk/java/org/apache/catalina/servlets/DefaultServlet.java (original) +++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/servlets/DefaultServlet.java Sat Jan 8 18:56:57 2011 @@ -68,9 +68,44 @@ import org.apache.naming.resources.Resou /** - * The default resource-serving servlet for most web applications, + * <p>The default resource-serving servlet for most web applications, * used to serve static resources such as HTML pages and images. - * + * </p> + * <p> + * This servlet is intended to be mapped to <em>/</em> e.g.: + * </p> + * <pre> + * <servlet-mapping> + * <servlet-name>default</servlet-name> + * <url-pattern>/</url-pattern> + * </servlet-mapping> + * </pre> + * <p>It can be mapped to sub-paths, however in all cases resources are served + * from the web appplication resource root using the full path from the root + * of the web application context. + * <br/>e.g. given a web application structure: + *</p> + * <pre> + * /context + * /images + * tomcat2.jpg + * /static + * /images + * tomcat.jpg + * </pre> + * <p> + * ... and a servlet mapping that maps only <code>/static/*</code> to the default servlet: + * </p> + * <pre> + * <servlet-mapping> + * <servlet-name>default</servlet-name> + * <url-pattern>/static/*</url-pattern> + * </servlet-mapping> + * </pre> + * <p> + * Then a request to <code>/context/static/images/tomcat.jpg</code> will succeed + * while a request to <code>/context/images/tomcat2.jpg</code> will fail. + * </p> * @author Craig R. McClanahan * @author Remy Maucherat * @version $Id$ @@ -296,16 +331,26 @@ public class DefaultServlet * @param request The servlet request we are processing */ protected String getRelativePath(HttpServletRequest request) { + // IMPORTANT: DefaultServlet can be mapped to '/' or '/path/*' but always + // serves resources from the web app root with context rooted paths. + // i.e. it can not be used to mount the web app root under a sub-path + // This method must construct a complete context rooted path, although + // subclasses can change this behaviour. // Are we being processed by a RequestDispatcher.include()? if (request.getAttribute(Globals.INCLUDE_REQUEST_URI_ATTR) != null) { String result = (String) request.getAttribute( Globals.INCLUDE_PATH_INFO_ATTR); - if (result == null) + if (result == null) { result = (String) request.getAttribute( Globals.INCLUDE_SERVLET_PATH_ATTR); - if ((result == null) || (result.equals(""))) + } else { + result = (String) request.getAttribute( + Globals.INCLUDE_SERVLET_PATH_ATTR) + result; + } + if ((result == null) || (result.equals(""))) { result = "/"; + } return (result); } @@ -313,6 +358,8 @@ public class DefaultServlet String result = request.getPathInfo(); if (result == null) { result = request.getServletPath(); + } else { + result = request.getServletPath() + result; } if ((result == null) || (result.equals(""))) { result = "/"; @@ -323,6 +370,18 @@ public class DefaultServlet /** + * Determines the appropriate path to prepend resources with + * when generating directory listings. Depending on the behaviour of + * {...@link #getRelativePath(HttpServletRequest)} this will change. + * @param request the request to determine the path for + * @return the prefix to apply to all resources in the listing. + */ + protected String getPathPrefix(final HttpServletRequest request) { + return request.getContextPath(); + } + + + /** * Process a GET request for the specified resource. * * @param request The servlet request we are processing @@ -833,8 +892,7 @@ public class DefaultServlet if (content) { // Serve the directory browser - renderResult = - render(request.getContextPath(), cacheEntry); + renderResult = render(getPathPrefix(request), cacheEntry); } } Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/servlets/WebdavServlet.java URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/servlets/WebdavServlet.java?rev=1056763&r1=1056762&r2=1056763&view=diff ============================================================================== --- tomcat/tc6.0.x/trunk/java/org/apache/catalina/servlets/WebdavServlet.java (original) +++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/servlets/WebdavServlet.java Sat Jan 8 18:56:57 2011 @@ -30,6 +30,7 @@ import java.text.SimpleDateFormat; import java.util.Date; import java.util.Enumeration; import java.util.Hashtable; +import java.util.Locale; import java.util.Stack; import java.util.TimeZone; import java.util.Vector; @@ -70,45 +71,58 @@ import org.xml.sax.SAXException; * Servlet which adds support for WebDAV level 2. All the basic HTTP requests * are handled by the DefaultServlet. The WebDAVServlet must not be used as the * default servlet (ie mapped to '/') as it will not work in this configuration. - * To enable WebDAV for a context add the following to web.xml:<br/><code> - * <servlet><br/> - * <servlet-name>webdav</servlet-name><br/> - * <servlet-class>org.apache.catalina.servlets.WebdavServlet</servlet-class><br/> - * <init-param><br/> - * <param-name>debug</param-name><br/> - * <param-value>0</param-value><br/> - * </init-param><br/> - * <init-param><br/> - * <param-name>listings</param-name><br/> - * <param-value>true</param-value><br/> - * </init-param><br/> - * </servlet><br/> - * <servlet-mapping><br/> - * <servlet-name>webdav</servlet-name><br/> - * <url-pattern>/*</url-pattern><br/> - * </servlet-mapping> - * </code> * <p/> - * This will enable read only access. To enable read-write access add:<br/> - * <code> - * <init-param><br/> - * <param-name>readonly</param-name><br/> - * <param-value>false</param-value><br/> - * </init-param><br/> - * </code> + * Mapping a subpath (e.g. <code>/webdav/*</code> to this servlet has the effect + * of re-mounting the entire web application under that sub-path, with WebDAV + * access to all the resources. This <code>WEB-INF</code> and <code>META-INF</code> + * directories are protected in this re-mounted resource tree. * <p/> - * To make the content editable via a different URL, using the following - * mapping:<br/> - * <code> - * <servlet-mapping><br/> - * <servlet-name>webdav</servlet-name><br/> - * <url-pattern>/webdavedit/*</url-pattern><br/> + * To enable WebDAV for a context add the following to web.xml: + * <pre> + * <servlet> + * <servlet-name>webdav</servlet-name> + * <servlet-class>org.apache.catalina.servlets.WebdavServlet</servlet-class> + * <init-param> + * <param-name>debug</param-name> + * <param-value>0</param-value> + * </init-param> + * <init-param> + * <param-name>listings</param-name> + * <param-value>false</param-value> + * </init-param> + * </servlet> + * <servlet-mapping> + * <servlet-name>webdav</servlet-name> + * <url-pattern>/*</url-pattern> * </servlet-mapping> - * </code> - * <p/> - * Don't forget to secure access appropriately to the editing URLs. With this - * configuration the context will be accessible to normal users as before. Those - * users with the necessary access will be able to edit content available via + * </pre> + * This will enable read only access. To enable read-write access add: + * <pre> + * <init-param> + * <param-name>readonly</param-name> + * <param-value>false</param-value> + * </init-param> + * </pre> + * To make the content editable via a different URL, use the following + * mapping: + * <pre> + * <servlet-mapping> + * <servlet-name>webdav</servlet-name> + * <url-pattern>/webdavedit/*</url-pattern> + * </servlet-mapping> + * </pre> + * By default access to /WEB-INF and META-INF are not available via WebDAV. To + * enable access to these URLs, use add: + * <pre> + * <init-param> + * <param-name>allowSpecialPaths</param-name> + * <param-value>true</param-value> + * </init-param> + * </pre> + * Don't forget to secure access appropriately to the editing URLs, especially + * if allowSpecialPaths is used. With the mapping configuration above, the + * context will be accessible to normal users as before. Those users with the + * necessary access will be able to edit content available via * http://host:port/context/content using * http://host:port/context/webdavedit/content * @@ -253,6 +267,13 @@ public class WebdavServlet private int maxDepth = 3; + /** + * Is access allowed via WebDAV to the special paths (/WEB-INF and + * /META-INF)? + */ + private boolean allowSpecialPaths = false; + + // --------------------------------------------------------- Public Methods @@ -271,6 +292,10 @@ public class WebdavServlet maxDepth = Integer.parseInt( getServletConfig().getInitParameter("maxDepth")); + if (getServletConfig().getInitParameter("allowSpecialPaths") != null) + allowSpecialPaths = Boolean.parseBoolean( + getServletConfig().getInitParameter("allowSpecialPaths")); + // Load the MD5 helper used to calculate signatures. try { md5Helper = MessageDigest.getInstance("MD5"); @@ -312,10 +337,21 @@ public class WebdavServlet protected void service(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { - String method = req.getMethod(); + final String path = getRelativePath(req); + + // Block access to special subdirectories. + // DefaultServlet assumes it services resources from the root of the web app + // and doesn't add any special path protection + // WebdavServlet remounts the webapp under a new path, so this check is + // necessary on all methods (including GET). + if (isSpecialPath(path)) { + resp.sendError(WebdavStatus.SC_NOT_FOUND); + return; + } + + final String method = req.getMethod(); if (debug > 0) { - String path = getRelativePath(req); log("[" + method + "] " + path); } @@ -342,6 +378,19 @@ public class WebdavServlet /** + * Checks whether a given path refers to a resource under + * <code>WEB-INF</code> or <code>META-INF</code>. + * @param path the full path of the resource being accessed + * @return <code>true</code> if the resource specified is under a special path + */ + private final boolean isSpecialPath(final String path) { + return !allowSpecialPaths && ( + path.toUpperCase(Locale.ENGLISH).startsWith("/WEB-INF") || + path.toUpperCase(Locale.ENGLISH).startsWith("/META-INF")); + } + + + /** * Check if the conditions specified in the optional If headers are * satisfied. * @@ -395,6 +444,20 @@ public class WebdavServlet /** + * Determines the prefix for standard directory GET listings. + */ + @Override + protected String getPathPrefix(final HttpServletRequest request) { + // Repeat the servlet path (e.g. /webdav/) in the listing path + String contextPath = request.getContextPath(); + if (request.getServletPath() != null) { + contextPath = contextPath + request.getServletPath(); + } + return contextPath; + } + + + /** * OPTIONS Method. * * @param req The request @@ -436,12 +499,6 @@ public class WebdavServlet if (path.endsWith("/")) path = path.substring(0, path.length() - 1); - if ((path.toUpperCase().startsWith("/WEB-INF")) || - (path.toUpperCase().startsWith("/META-INF"))) { - resp.sendError(WebdavStatus.SC_FORBIDDEN); - return; - } - // Properties which are to be displayed. Vector<String> properties = null; // Propfind depth @@ -708,12 +765,6 @@ public class WebdavServlet String path = getRelativePath(req); - if ((path.toUpperCase().startsWith("/WEB-INF")) || - (path.toUpperCase().startsWith("/META-INF"))) { - resp.sendError(WebdavStatus.SC_FORBIDDEN); - return; - } - boolean exists = true; Object object = null; try { @@ -1580,20 +1631,14 @@ public class WebdavServlet if (debug > 0) log("Dest path :" + destinationPath); - if ((destinationPath.toUpperCase().startsWith("/WEB-INF")) || - (destinationPath.toUpperCase().startsWith("/META-INF"))) { + // Check destination path to protect special sub-directories + if (isSpecialPath(destinationPath)) { resp.sendError(WebdavStatus.SC_FORBIDDEN); return false; } String path = getRelativePath(req); - if ((path.toUpperCase().startsWith("/WEB-INF")) || - (path.toUpperCase().startsWith("/META-INF"))) { - resp.sendError(WebdavStatus.SC_FORBIDDEN); - return false; - } - if (destinationPath.equals(path)) { resp.sendError(WebdavStatus.SC_FORBIDDEN); return false; @@ -1787,12 +1832,6 @@ public class WebdavServlet HttpServletResponse resp, boolean setStatus) throws ServletException, IOException { - if ((path.toUpperCase().startsWith("/WEB-INF")) || - (path.toUpperCase().startsWith("/META-INF"))) { - resp.sendError(WebdavStatus.SC_FORBIDDEN); - return false; - } - String ifHeader = req.getHeader("If"); if (ifHeader == null) ifHeader = ""; @@ -1872,8 +1911,8 @@ public class WebdavServlet if (debug > 1) log("Delete:" + path); - if ((path.toUpperCase().startsWith("/WEB-INF")) || - (path.toUpperCase().startsWith("/META-INF"))) { + // Prevent deletion of special sub-directories + if (isSpecialPath(path)) { errorList.put(path, new Integer(WebdavStatus.SC_FORBIDDEN)); return; } @@ -2009,9 +2048,7 @@ public class WebdavServlet Vector<String> propertiesVector) { // Exclude any resource in the /WEB-INF and /META-INF subdirectories - // (the "toUpperCase()" avoids problems on Windows systems) - if (path.toUpperCase().startsWith("/WEB-INF") || - path.toUpperCase().startsWith("/META-INF")) + if (isSpecialPath(path)) return; CacheEntry cacheEntry = resources.lookupCache(path); @@ -2296,9 +2333,7 @@ public class WebdavServlet Vector propertiesVector) { // Exclude any resource in the /WEB-INF and /META-INF subdirectories - // (the "toUpperCase()" avoids problems on Windows systems) - if (path.toUpperCase().startsWith("/WEB-INF") || - path.toUpperCase().startsWith("/META-INF")) + if (isSpecialPath(path)) return; // Retrieving the lock associated with the lock-null resource Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=1056763&r1=1056762&r2=1056763&view=diff ============================================================================== --- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original) +++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Sat Jan 8 18:56:57 2011 @@ -153,6 +153,10 @@ Add security policy and token poller protection to the JRE memory leak protection provided in Tomcat 6. (markt/kkolinko) </add> + <add> + <bug>50026</bug>: Add support for mapping the default servlet to URLs + other than /. (timw) + </add> <fix> <bug>50128</bug>: Improve exception handling in PersistentManagerBase when running with a security manager. (kkolinko) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org