tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From r...@apache.org
Subject cvs commit: jakarta-tomcat-4.0/catalina build.xml
Date Fri, 12 Oct 2001 19:31:04 GMT
remm        01/10/12 12:31:04

  Modified:    catalina Tag: tomcat_40_branch build.xml
  Log:
  - Add tougher restrictions on the use of the CGI servlet by default, since the current
    installation seems to me exploit prone (although no actual exploit does exist at
    the moment).
  - The default web.xml won't attempt to load the CGI servlet anymore (under a
    security manager, we would have needed to edit the configuration file to make
    it secure).
  - The CGI servlet classes won't be available for loading by a web application.
    The JAR containing the classes will have to be renamed first.
  
  Revision  Changes    Path
  No                   revision
  
  
  No                   revision
  
  
  1.60.2.7  +1 -1      jakarta-tomcat-4.0/catalina/build.xml
  
  Index: build.xml
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/build.xml,v
  retrieving revision 1.60.2.6
  retrieving revision 1.60.2.7
  diff -u -r1.60.2.6 -r1.60.2.7
  --- build.xml	2001/10/04 19:24:54	1.60.2.6
  +++ build.xml	2001/10/12 19:31:04	1.60.2.7
  @@ -725,7 +725,7 @@
       </jar>
   
       <!-- Servlets - CGI Servlet -->
  -    <jar jarfile="${catalina.deploy}/server/lib/servlets-cgi.jar">
  +    <jar jarfile="${catalina.deploy}/server/lib/servlets-cgi.renametojar">
         <fileset dir="${catalina.build}/server/classes">
           <include name="org/apache/catalina/servlets/CGI*" />
         </fileset>
  
  
  

Mime
View raw message