tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Remy Maucherat" <rmauch...@home.com>
Subject Re: [VOTE] Tomcat 4.0.1 release
Date Sun, 28 Oct 2001 16:23:16 GMT
> Anyone working on this (or should I start)?

That's already been done (and integrated in 4.0.1).

> cmanolache@yahoo.com wrote:
>
> > On Sat, 13 Oct 2001, Pier Fumagalli wrote:
> >
> >
> >>On Friday, October 12, 2001, at 07:57  pm, <cmanolache@yahoo.com> wrote:
> >>
> >>>BTW, the CGI problem doesn't seem to be resolved, it should be
> >>>mentioned
> >>>in the release notes ( for people who use sandbox - including a
> >>>workaround
> >>>maybe )
> >>>
> >>What was the CGI problem? I don't see it in BugZilla, I might have
> >>lost it in the void of my vacation?
> >>
> >
> > It was discussed some time ago on tomcat-dev - if you run tomcat
> > in sandbox mode ( and assume that you can deploy webapps in
> > a secure way, like applets in a browser ) you'll have a bad surprise -
> > the webapps will be indeed restricted to what the policy file says, with
> > one exception - that they'll be able to execute arbitrary programs ( by
> > declaring the cgi/ssi servlet, adding a mapping and an exe in
> > the WEB-INF ).
> >
> > ( BTW, I hope the fix will be ported to various apps that include tomcat
> > as well, especially those using sandbox - most j2ee impl. do that... )

Remy


--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>


Mime
View raw message