Dear users and supporters,
Currently I have two CGI scripts:
1. "/cgi-bin/update" //an administrative command, required role="admin"
2. "/cgi-bin/updateOrder" //update order, required role="biz"
In order to protect above endpoints via web.xml security-constraints mechanism,
how shall I do?
Rega
From: Christopher Schultz
Sent: Thursday, April 10, 2025 2:22
To: users@tomcat.apache.org
Subject: Re: HOWTO: the right way to configure security constraints to protect
CGI scripts in web.xml
Mark,
On 4/8/25 5:40 PM, Mark Thomas wrote:
> 8 Apr 2025 21:45:50 Ch
Sent: Wednesday, April 9, 2025 5:40
To: Tomcat Users List
Subject: Re: HOWTO: the right way to configure security constraints to protect
CGI scripts in web.xml
8 Apr 2025 21:45:50 Christopher Schultz :
> Justin,
>
> On 4/8/25 3:16 AM, Justin Chen wrote:
>> Dear users and supporters,
hi,
Main branch: Receive unexpected 400 for curl put with content-range header
value "bytes 0-0/1" and
-d c.
PR submitted.
Regards,
Chenjp
Per original reports from Greg K, pathInfo is not the only
weakness.
From: Mark Thomas
Sent: Friday, May 30, 2025 3:02
To: Tomcat Users List
Cc: annou...@apache.org; annou...@tomcat.apache.org; Tomcat Developers List
Subject: [SECURITY] CVE-2025-46701 Apa