tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jkew <>
Subject Re: [Fwd: [Security] - **Updated** Important vulnerability disclosed in Apache Tomcat webdav servlet]
Date Sun, 21 Oct 2007 19:14:50 GMT
Mark Thomas wrote:
> William L. Thomson Jr. wrote:
>> I take it down streams should run with the first patches to work around
>> this vulnerability till next release. I already applied the one liner,
>> kinda glad I did not apply the other last night ;) Please advise,
>> thanks.
> You need a version of the second patch for a complete fix. If you want
> logging - apply my version, if you don't - apply Remy's. Both fix the
> problem, just in slightly different ways.

I've been using Mark's patch, which I personally prefer right now. I'll 
experiment with Remy's patch on Monday, but I have a slightly tangential 

Q. Where should I put, and how should I build a unit test for the webdav 
issue? I noticed that Jean-Frederic created a great unit test within 
/test for the cookie issue, but I don't believe his patch was ever 
committed. Is there a formal unit test framework for these issues?

My existing test for the webdav issue is just a war file, but I'd like 
something semi-permanent and manageable. I'm a little ignorant of of the 
history here, so forgive me if I'm a little lost.
> We'll have to wait and see which way the voting goes for which patch
> gets incorporated into the code base.
> Mark
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message