https://issues.apache.org/bugzilla/show_bug.cgi?id=55776
--- Comment #9 from Mark Thomas <ma...@apache.org> --- Point taken with respect to the standard class loader implementation but you also have to look at how 7.0.x behaved. 7.0.x allowed /../ and /./ sequences. It also allowed stepping outside of /WEB-INF/classes (note it only allowed stepping as far as the context root and this was because it added /WEB-INF/classes to the resource path before doing a standard resources lookup). I would argue that this fix in 8.0.x is currently a step in the right direction. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
