tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jkew <j...@sourcelabs.com>
Subject Re: [Fwd: [Security] - **Updated** Important vulnerability disclosed in Apache Tomcat webdav servlet]
Date Sun, 21 Oct 2007 19:14:50 GMT
Mark Thomas wrote:
> William L. Thomson Jr. wrote:
>   
>> I take it down streams should run with the first patches to work around
>> this vulnerability till next release. I already applied the one liner,
>> kinda glad I did not apply the other last night ;) Please advise,
>> thanks.
>>     
>
> You need a version of the second patch for a complete fix. If you want
> logging - apply my version, if you don't - apply Remy's. Both fix the
> problem, just in slightly different ways.
>
>   

I've been using Mark's patch, which I personally prefer right now. I'll 
experiment with Remy's patch on Monday, but I have a slightly tangential 
question:

Q. Where should I put, and how should I build a unit test for the webdav 
issue? I noticed that Jean-Frederic created a great unit test within 
/test for the cookie issue, but I don't believe his patch was ever 
committed. Is there a formal unit test framework for these issues?

My existing test for the webdav issue is just a war file, but I'd like 
something semi-permanent and manageable. I'm a little ignorant of of the 
history here, so forgive me if I'm a little lost.
> We'll have to wait and see which way the voting goes for which patch
> gets incorporated into the code base.
>
> Mark
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
>
>   


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message