https://bz.apache.org/bugzilla/show_bug.cgi?id=60674
--- Comment #2 from Ralf Hauser ---
Other security classes are not final.
And an attacker would also have to alter the web.xml to have the subclass used
at all to begin with.
IMHO, putting such a class as "final" is also against the open sourc
To whom it may engage...
This is an automated request, but not an unsolicited one. For
more information please visit http://gump.apache.org/nagged.html,
and/or contact the folk at gene...@gump.apache.org.
Project tomcat-tc8.0.x-test-nio2 has an issue affecting its community
integration
