tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: [SECURITY] Tomcat 7 ignores @ServletSecurity annotations
Date Fri, 04 Mar 2011 20:27:45 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mark,

On 3/4/2011 10:21 AM, Mark Thomas wrote:
> On 03/03/2011 09:05, Mark Thomas wrote:
>> Based on what I have seen so far it looks to be a valid issue. I have a
>> very rough patch that addresses the bulk of the problem but there is
>> some unexpected behaviour still to be resolved. Today's task is writing
>> some unit tests, getting my head around exactly what needs to be done
>> and refining the patch.
>>
>> I'd like to make statement regarding time-scales but the last time I hit
>> what on the surface looked like a simple bug it took a month of
>> refactoring to fix it. I don't think this is going to take anywhere near
>> that long but until the full extent of the required changes is
>> understood, it would be foolish to speculate about time-scales.
> 
> I believe this is now fixed. I'm running the unit tests now followed by
> the Servlet TCK. Assuming everything passes, I'll start the 7.0.10
> release process later today.

Given that previous releases have passed the TCK, does that mean that
the TCK lacks testing of this particular feature of Servlet 3.0?

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk1xS0EACgkQ9CaO5/Lv0PAkqACfbP0zgqvgm2zmsApVzO8hUXTJ
RUYAn00svPJiX0hRoO6bDgxU1x8vlcjY
=DhBR
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message