2013/11/25 <ma...@apache.org>: > Author: markt > Date: Mon Nov 25 10:26:26 2013 > New Revision: 1545213 > > URL: http://svn.apache.org/r1545213 > Log: > When running under a security manager disabled deployXML by default. >
+1. Note, that The manager application in its default configuration will stop working There was a thread in October, "can't connect to manager application" http://markmail.org/thread/ob3kjbnvu2usljmz I thought to add this effect to the description of "deployXML" attribute, but have not got there yet. Similarly, if someone has important bits in their META-INF/context.xml such as RemoteAddrValve and AccessLogValve, those will be ignored with this change. If those were not critical to one's web application and it starts successfully, it will lower their security, In TC7 changelog: > Host's <code>deloyXML</code> attribute to <code>false</code>. s/deloy/deploy/ Best regards, Konstantin Kolinko > Modified: > tomcat/trunk/java/org/apache/catalina/core/StandardHost.java > tomcat/trunk/webapps/docs/config/host.xml > tomcat/trunk/webapps/docs/security-howto.xml > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
