tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <>
Subject Re: [SECURITY] Tomcat 7 ignores @ServletSecurity annotations
Date Thu, 03 Mar 2011 09:05:08 GMT
On 03/03/2011 05:54, Caldarale, Charles R wrote:
>> From: Michael McCutcheon [] 
>> Subject: Re: [SECURITY] Tomcat 7 ignores @ServletSecurity annotations
>> On 3/2/2011 8:49 AM, Mark Thomas wrote:
>>> If code changes are required to address this, they will be included in
>>> the next release of Tomcat 7, 7.0.10. The release process for 7.0.10 is
>>> expected to start once the investigation of this issue is complete.
>> Hello, I was just wondering if there was any update on this issue.
> Bit impatient, aren't we?  Give Mark a chance to sleep a couple hours a day.


Based on what I have seen so far it looks to be a valid issue. I have a
very rough patch that addresses the bulk of the problem but there is
some unexpected behaviour still to be resolved. Today's task is writing
some unit tests, getting my head around exactly what needs to be done
and refining the patch.

I'd like to make statement regarding time-scales but the last time I hit
what on the surface looked like a simple bug it took a month of
refactoring to fix it. I don't think this is going to take anywhere near
that long but until the full extent of the required changes is
understood, it would be foolish to speculate about time-scales.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message