On 3/2/2011 8:49 AM, Mark Thomas wrote:
> As reported on the users list [1], both Tomcat 7.0.8 and the latest
> Tomcat 7 code from svn appear to ignore @ServletSecurity annotations.
> Assuming this issue is confirmed, it may lead to authentication bypass
> and information disclosure.
>
> The exact details are still being investigated but this e-mail is being
> provided to give users early warning of this public issue.
>
> If code changes are required to address this, they will be included in
> the next release of Tomcat 7, 7.0.10. The release process for 7.0.10 is
> expected to start once the investigation of this issue is complete.
>
> Mark
> on behalf of the Apache Tomcat security team
Hello, I was just wondering if there was any update on this issue.
-Mike