tomcat-dev mailing list archives

From bugzi...@apache.org
Subject [Bug 57458] Mixed up responses sent to wrong users
Date Mon, 19 Jan 2015 10:37:56 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=57458

--- Comment #3 from Konstantin Kolinko <knst.kolinko@gmail.com> ---
(In reply to Mark Thomas from comment #1)
> 7.0.39 is getting on for 2 years old and has a number of known security
> vulnerabilities including one that can result in response mix ups.
> 
> Please upgrade to the latest stable 7.0.x release (7.0.58 as I type this)
> and retest.

+1

Correction:
7.0.57 is the last released version. (7.0.58 has not been tagged yet).

I also recommend adding the following line to conf/catalina.properties:
org.apache.catalina.connector.RECYCLE_FACADES=true

Documentation:
http://tomcat.apache.org/tomcat-7.0-doc/config/systemprops.html#Security

That setting helps to prevent and detect programming errors in web
applications such as illegal access to request/response objects outside of
their life cycle.

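An added example, not part of the original message or of Tomcat's code: a servlet showing the kind of programming error the comment refers to (a request object used outside its life cycle) next to a corrected form. The class name `AuditServlet` and its methods are hypothetical; it assumes Java 8 and the `javax.servlet` API on the classpath.

```java
import java.io.IOException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet, constructed for illustration.
public class AuditServlet extends HttpServlet {
    private final ExecutorService pool = Executors.newFixedThreadPool(2);

    // BUG: the worker can run after doGet() has returned. By then the
    // container may have recycled the request object for another user's
    // request, so the values read here can belong to someone else.
    // With org.apache.catalina.connector.RECYCLE_FACADES=true each request
    // gets its own facade, and a stale one fails with an exception
    // instead of exposing the recycled request.
    void unsafeHandoff(HttpServletRequest req) {
        pool.submit(() -> audit(req.getRemoteUser(), req.getRequestURI()));
    }

    // Fix: copy what the worker needs while the request is still live,
    // and pass only those immutable values to the other thread.
    void safeHandoff(HttpServletRequest req) {
        final String user = req.getRemoteUser();
        final String uri = req.getRequestURI();
        pool.submit(() -> audit(user, uri));
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        safeHandoff(req); // swap in unsafeHandoff(req) to reproduce the bug
        resp.setContentType("text/plain");
        resp.getWriter().println("ok");
    }

    private void audit(String user, String uri) {
        log("user=" + user + " uri=" + uri);
    }

    @Override
    public void destroy() {
        pool.shutdown();
    }
}
```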