tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Bourg <ebo...@apache.org>
Subject About CVE-2015-5345
Date Thu, 08 Dec 2016 09:54:56 GMT
[resending as a new message instead of a reply, sorry]

Hi all,

I'm still working on the security backports in Debian and I have a
question regarding CVE-2015-5345. On the Tomcat 7 security page the
commits 1715213 and 1717212 are referenced. If I'm not mistaken the
commit 1716860 should also be part of the fix, otherwise the
mapper*RedirectEnabled attributes set on the context are ignored, right?
Also I haven't found an equivalent commit for Tomcat 8, is this normal?

Thank you,

Emmanuel Bourg

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message