Return-Path: Delivered-To: apmail-jakarta-tomcat-user-archive@www.apache.org Received: (qmail 11762 invoked from network); 28 Sep 2005 20:11:16 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 28 Sep 2005 20:11:16 -0000 Received: (qmail 24099 invoked by uid 500); 28 Sep 2005 20:11:01 -0000 Delivered-To: apmail-jakarta-tomcat-user-archive@jakarta.apache.org Received: (qmail 24064 invoked by uid 500); 28 Sep 2005 20:11:00 -0000 Mailing-List: contact tomcat-user-help@jakarta.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Help: List-Post: List-Id: "Tomcat Users List" Reply-To: "Tomcat Users List" Delivered-To: mailing list tomcat-user@jakarta.apache.org Received: (qmail 24051 invoked by uid 99); 28 Sep 2005 20:11:00 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 28 Sep 2005 13:11:00 -0700 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (asf.osuosl.org: domain of caron@unidata.ucar.edu designates 128.117.140.62 as permitted sender) Received: from [128.117.140.62] (HELO unidata.ucar.edu) (128.117.140.62) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 28 Sep 2005 13:11:05 -0700 Received: from [128.117.140.172] (dhcp12.unidata.ucar.edu [128.117.140.172]) by unidata.ucar.edu (UCAR/Unidata) with ESMTP id j8SKAcG7006838 for ; Wed, 28 Sep 2005 14:10:38 -0600 (MDT) Organization: UCAR/Unidata Keywords: 200509282010.j8SKAcG7006838 Message-ID: <433AF8B9.5020208@unidata.ucar.edu> Date: Wed, 28 Sep 2005 14:10:33 -0600 From: John Caron User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Tomcat Users List Subject: Possible Security Bug References: <01b201c5c465$a00b8e20$4600000a@BALTHAZAR> In-Reply-To: <01b201c5c465$a00b8e20$4600000a@BALTHAZAR> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N I have a _possible_ bug involving security in Tomcat 5.0.28. I dont see it in the bug database, although it may be described in a way that I didnt search for. I would prefer to send it privately in case its real. If thats not feasible, I will post it here. Or is there a way to put it in the database but mark it private? Can anyone advise? --------------------------------------------------------------------- To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org For additional commands, e-mail: tomcat-user-help@jakarta.apache.org