tomcat-dev mailing list archives

From jean-frederic clere <jfcl...@gmail.com>
Subject Re: [Fwd: [Security] - **Updated** Important vulnerability disclosed in Apache Tomcat webdav servlet]
Date Mon, 22 Oct 2007 07:00:43 GMT
jkew wrote:
> Mark Thomas wrote:
>> William L. Thomson Jr. wrote:
>>  
>>> I take it down streams should run with the first patches to work around
>>> this vulnerability till next release. I already applied the one liner,
>>> kinda glad I did not apply the other last night ;) Please advise,
>>> thanks.
>>>     
>>
>> You need a version of the second patch for a complete fix. If you want
>> logging - apply my version, if you don't - apply Remy's. Both fix the
>> problem, just in slightly different ways.
>>
>>   
> 
> I've been using Mark's patch, which I personally prefer right now. I'll
> experiment with Remy's patch on Monday, but I have a slightly tangential
> question:
> 
> Q. Where should I put, and how should I build a unit test for the webdav
> issue? I noticed that Jean-Frederic created a great unit test within
> /test for the cookie issue, but I don't believe his patch was ever
> committed. Is there a formal unit test framework for these issues?

Not yet, but I think we should have tests for nearly everything.

Cheers

Jean-Frederic

> 
> My existing test for the webdav issue is just a war file, but I'd like
> something semi-permanent and manageable. I'm a little ignorant of the
> history here, so forgive me if I'm a little lost.
>> We'll have to wait and see which way the voting goes for which patch
>> gets incorporated into the code base.
>>
>> Mark
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: dev-help@tomcat.apache.org
>>
>>   