tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject cvs commit: jakarta-tomcat-4.0/catalina build.xml
Date Fri, 12 Oct 2001 19:31:04 GMT
remm        01/10/12 12:31:04

  Modified:    catalina Tag: tomcat_40_branch build.xml
  - Add tougher restrictions on the use of the CGI servlet by default, since the current
    installation seems to me exploit prone (although no actual exploit does exist at
    the moment).
  - The default web.xml won't attempt to load the CGI servlet anymore (under a
    security manager, we would have needed to edit the configuration file to make
    it secure).
  - The CGI servlet classes won't be available for loading by a web application.
    The JAR containing the classes will have to be renamed first.
  Revision  Changes    Path
  No                   revision
  No                   revision  +1 -1      jakarta-tomcat-4.0/catalina/build.xml
  Index: build.xml
  RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/build.xml,v
  retrieving revision
  retrieving revision
  diff -u -r1.60.2.6 -r1.60.2.7
  --- build.xml	2001/10/04 19:24:54
  +++ build.xml	2001/10/12 19:31:04
  @@ -725,7 +725,7 @@
       <!-- Servlets - CGI Servlet -->
  -    <jar jarfile="${catalina.deploy}/server/lib/servlets-cgi.jar">
  +    <jar jarfile="${catalina.deploy}/server/lib/servlets-cgi.renametojar">
         <fileset dir="${}/server/classes">
           <include name="org/apache/catalina/servlets/CGI*" />

View raw message