tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From r...@apache.org
Subject cvs commit: jakarta-tomcat-4.0 RELEASE-NOTES-4.0.1.txt
Date Sat, 13 Oct 2001 19:18:36 GMT
remm        01/10/13 12:18:36

  Modified:    .        Tag: tomcat_40_branch RELEASE-NOTES-4.0.1.txt
  Log:
  - Add instructions on how to enable CGI and SSI support.
  
  Revision  Changes    Path
  No                   revision
  
  
  No                   revision
  
  
  1.1.2.13  +32 -1     jakarta-tomcat-4.0/Attic/RELEASE-NOTES-4.0.1.txt
  
  Index: RELEASE-NOTES-4.0.1.txt
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-4.0/Attic/RELEASE-NOTES-4.0.1.txt,v
  retrieving revision 1.1.2.12
  retrieving revision 1.1.2.13
  diff -u -r1.1.2.12 -r1.1.2.13
  --- RELEASE-NOTES-4.0.1.txt	2001/10/13 02:17:00	1.1.2.12
  +++ RELEASE-NOTES-4.0.1.txt	2001/10/13 19:18:36	1.1.2.13
  @@ -3,7 +3,7 @@
                               Release Notes
                               =============
   
  -$Id: RELEASE-NOTES-4.0.1.txt,v 1.1.2.12 2001/10/13 02:17:00 remm Exp $
  +$Id: RELEASE-NOTES-4.0.1.txt,v 1.1.2.13 2001/10/13 19:18:36 remm Exp $
   
   
   ============
  @@ -150,6 +150,7 @@
   * Linux and Sun JDK 1.2.x - 1.3.x
   * Jasper and Jikes
   * Tomcat 4.0 and Apache Cocoon 2.0
  +* Enabling SSI and CGI Support
   
   
   ---------------------
  @@ -339,6 +340,36 @@
   For optimal performance with Apache Cocoon 2.0, it is recommended to use the
   HTTP/1.0 connector.
   
  +
  +----------------------------
  +Enabling SSI and CGI Support:
  +----------------------------
  +
  +Having CGI and SSI available to web applications created security problems when
  +using a security manager (as a malicious web application could use them to 
  +sidestep the security manager access control). In Tomcat 4.0.1, they have been
  +disabled by default, as our goal is to provide a fully secure default 
  +configuration. However, CGI and SSI remain available in Tomcat 4.0.1.
  +
  +On Windows:
  +* rename the file %CATALINA_HOME%\server\lib\servlets-cgi.renametojar to
  +  %CATALINA_HOME%\server\lib\servlets-cgi.jar.
  +* rename the file %CATALINA_HOME%\server\lib\servlets-ssi.renametojar to
  +  %CATALINA_HOME%\server\lib\servlets-ssi.jar.
  +* in %CATALINA_HOME%\conf\web.xml, uncomment the servlet declarations starting
  +  line 165 and 213, as well as the associated servlet mappings 
  +  line 265 and 274. Alternately, these servlet declarations and mappings can
  +  be added to your web application deployment descriptor.
  +
  +On Unix:
  +* rename the file $CATALINA_HOME/server/lib/servlets-cgi.renametojar to
  +  $CATALINA_HOME/server/lib/servlets-cgi.jar.
  +* rename the file $CATALINA_HOME/server/lib/servlets-ssi.renametojar to
  +  $CATALINA_HOME/server/lib/servlets-ssi.jar.
  +* in $CATALINA_HOME/conf/web.xml, uncomment the servlet declarations starting
  +  line 165 and 213, as well as the associated servlet mappings 
  +  line 265 and 274. Alternately, these servlet declarations and mappings can
  +  be added to your web application deployment descriptor.
   
   
   
  
  
  

Mime
View raw message