tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Hans Bergsten <h...@gefionsoftware.com>
Subject Tomcat 3.2.2 [Was: Re: BugRat Report #690 has been filed.]
Date Thu, 11 Jan 2001 21:02:50 GMT
"Craig R. McClanahan" wrote:
> 
> Glenn Nielsen wrote:
> 
> > I stand corrected.
> >
> > The below problem was a bug in Tomcat.  Wrapping the RequestDispatcher
> > forward() and include() methods with a doPrivileged() if a SecurityManager
> > is being used fixed the problem.  When Tomcat 3.2.2 is released you will
> > no longer need to edit the jre/lib/security/java.security file to comment
> > out the package.access=sun. line.
> >
> > This fix is in the 3.2 CVS branch, and will be in the Tomcat 3.2.2 release.
> >
> 
> Glenn (and others),
> 
> Have we accumulated enough bug fixes where it's worth creating a 3.2.2 release, 
> or are there more issues that should be
> dealt with first?

I've seen the problem most recently reported in BugReport #744 described
a 
few times now, but I haven't had a chance to verify it and look for a
solution. 
Since this is a security bug, it seems like something that should be
included 
in 3.2.2.

I'll try to take a closer look at it this weekend, but can't promise
anything.

Hans
-- 
Hans Bergsten		hans@gefionsoftware.com
Gefion Software		http://www.gefionsoftware.com
Author of JavaServer Pages (O'Reilly), http://TheJSPBook.com

Mime
View raw message