tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From r...@apache.org
Subject cvs commit: jakarta-tomcat-4.0/catalina/src/conf web.xml
Date Fri, 12 Oct 2001 19:29:41 GMT
remm        01/10/12 12:29:41

  Modified:    catalina/src/conf Tag: tomcat_40_branch web.xml
  Log:
  - Add tougher restrictions on the use of the CGI servlet by default, since the current
    installation seems to me exploit prone (although no actual exploit does exist at
    the moment).
  - The default web.xml won't attempt to load the CGI servlet anymore (under a
    security manager, we would have needed to edit the configuration file to make
    it secure).
  - The CGI servlet classes won't be available for loading by a web application.
    The JAR containing the classes will have to be renamed first.
  
  Revision  Changes    Path
  No                   revision
  
  
  No                   revision
  
  
  1.22.2.4  +6 -2      jakarta-tomcat-4.0/catalina/src/conf/web.xml
  
  Index: web.xml
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/conf/web.xml,v
  retrieving revision 1.22.2.3
  retrieving revision 1.22.2.4
  diff -u -r1.22.2.3 -r1.22.2.4
  --- web.xml	2001/10/11 04:10:23	1.22.2.3
  +++ web.xml	2001/10/12 19:29:41	1.22.2.4
  @@ -202,6 +202,11 @@
     <!--   debug               Debugging detail level for messages logged     -->
     <!--                       by this servlet.  [0]                          -->
   
  +  <!-- IMPORTANT: To use the CGI servlet, you also need to rename the       -->
  +  <!--            $CATALINA_HOME/server/lib/servlets-cgi.renametojar to     -->
  +  <!--            $CATALINA_HOME/server/lib/servlets-cgi.jar                -->
  +
  +<!--
     <servlet>
       <servlet-name>cgi</servlet-name>
       <servlet-class>org.apache.catalina.servlets.CGIServlet</servlet-class>
  @@ -217,10 +222,9 @@
         <param-name>cgiPathPrefix</param-name>
         <param-value>WEB-INF/cgi</param-value>
       </init-param>
  -<!--
        <load-on-startup>5</load-on-startup>
  --->
      </servlet>
  +-->
   
   
     <!-- ================ Built In Servlet Mappings ========================= -->
  
  
  

Mime
View raw message