tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: [SECURITY] CVE-2010-4172: Apache Tomcat Manager application XSS vulnerability
Date Tue, 23 Nov 2010 09:59:59 GMT
On 22/11/2010 19:52, Konstantin Kolinko wrote:
> 2010/11/22 Mark Thomas <markt@apache.org>:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> CVE-2010-4172: Apache Tomcat Manager application XSS vulnerability
>>
> 
> (...)
> 
> FYI:
> The patches included in the announcement are hardly readable, because
> the mailing software replaced '-' with '- -' and the start of lines,
> and wrapped long lines as well.

That is as a result of the e-mail being digitally signed. E-mail clients
capable of processing the signature will remove the double '- -' and
unwrap any wrapped lines.

The mirrors have now picked up the patches so I'll post a quick follow
up to the users and dev list with links to the patches.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message