tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Remy Maucherat <>
Subject Re: svn commit: r575332 - in /tomcat/tc6.0.x/trunk: java/org/apache/naming/resources/ webapps/docs/changelog.xml
Date Fri, 14 Sep 2007 16:07:06 GMT
Remy Maucherat wrote:
> It's not a real veto anyway, but no proper review mechanism exists at 
> the moment, and it's hard to integrate feature additions in 6.0.x 
> without prior discussion.

I did review the patch:
- the syntax seems appropriate
- I don't know if it allows redirecting a single fine, but I think it 
should if it does not (I did not test it; at least the list feature 
would not be working right now)
- it seems like it will still validate going out of the remapped "base" 
path, which is good
- interaction with the webapp classloader, which might have special 
handling for /WEB-INF on the file based resources, is a question mark 
(compatibility with that would be good, if possible)
- security wise, it needs to be verified if the security manager 
prevents usage of the feature (normally it should, there are no 
privileged actions)


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message