tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From <cost...@covalent.net>
Subject Re: [VOTE] Tomcat 4.0.1 release
Date Fri, 12 Oct 2001 19:10:55 GMT
On Fri, 12 Oct 2001, Remy Maucherat wrote:

> > BTW, the CGI problem doesn't seem to be resolved, it should be mentioned
> > in the release notes ( for people who use sandbox - including a workaround
> > maybe )
>
> Good idea, I will.
>
> Just removing the server/lib/servlets-cgi.jar should do it.

I think you need to comment it out in web.xml too, otherwise it fails to
start.

Probably in 4.0.2 it would be better to release in a secure configuration
( with servlets-cgi in a separate directory, and instructions to enable
it). Having untrusted code able to execute native code is not the best
default.


Costin


Mime
View raw message