tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <>
Subject Re: [SECURITY] Tomcat 7 ignores @ServletSecurity annotations
Date Fri, 04 Mar 2011 20:27:45 GMT
Hash: SHA1


On 3/4/2011 10:21 AM, Mark Thomas wrote:
> On 03/03/2011 09:05, Mark Thomas wrote:
>> Based on what I have seen so far it looks to be a valid issue. I have a
>> very rough patch that addresses the bulk of the problem but there is
>> some unexpected behaviour still to be resolved. Today's task is writing
>> some unit tests, getting my head around exactly what needs to be done
>> and refining the patch.
>> I'd like to make statement regarding time-scales but the last time I hit
>> what on the surface looked like a simple bug it took a month of
>> refactoring to fix it. I don't think this is going to take anywhere near
>> that long but until the full extent of the required changes is
>> understood, it would be foolish to speculate about time-scales.
> I believe this is now fixed. I'm running the unit tests now followed by
> the Servlet TCK. Assuming everything passes, I'll start the 7.0.10
> release process later today.

Given that previous releases have passed the TCK, does that mean that
the TCK lacks testing of this particular feature of Servlet 3.0?

- -chris
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla -


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message