Author: markt Revision: 1585853 Modified property: svn:log Modified: svn:log at Tue May 27 13:01:43 2014 ------------------------------------------------------------------------------ --- svn:log (original) +++ svn:log Tue May 27 13:01:43 2014 @@ -1,2 +1,3 @@ Redefine the globalXsltFile initialisation parameter of the DefaultServlet as relative to CATALINA_BASE/conf or CATALINA_HOME/conf. Prevent user supplied XSLTs used by the DefaultServlet from defining external entities. +This is the fix for CVE-2014-0096
--------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
