tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jean-Frederic <jfcl...@gmail.com>
Subject Re: svn commit: r546531 - in /tomcat/connectors/trunk/jk/native: apache-1.3/mod_jk.c apache-2.0/mod_jk.c common/jk_global.h common/jk_url.c common/jk_url.h common/list.mk.in
Date Wed, 13 Jun 2007 07:07:54 GMT
On Tue, 2007-06-12 at 19:50 +0200, Mladen Turk wrote:
> Jean-Frederic wrote:
>  >>> Add ForwardURIProxy to the URl handling option.
>  >>> common/jk_url.c is just a porting of the routines
>  >>> from proxy_util.c (Apache httpd).
>  >> After quite a few discussions, I think this should be the only mode available
for URI handling, as the two others are broken.
>  >>
>  >> Comments ?
>  >
>  > Additionaly I want to rollback r544137 too.
>  >
> 
> Why?

To reach the following:
url       file/dir TC Compat Proxy Proxy-r544137
%252007    %2007   ok no     ok    ok
%252E%252E %2E%2E  ok no     no    ok

Of course using Compat-r544137 would reopen the vulnerability.

Cheers

Jean-Frederic


> Let's stop a bit and test things before.
> 
> Regards,
> Mladen.
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message