www-announce mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject [SECURITY] Tomcat 7 ignores @ServletSecurity annotations
Date Wed, 09 Mar 2011 10:48:21 GMT
The fix in Tomcat 7.0.10 was incomplete. @SecurityAnnotations are still
ignored when there are no security constraints defined in web.xml (a
typical use case).

There will be a Tomcat 7.0.11 release shortly to address this. In the
meantime, the workaround of specifying at least one security constraint
in web.xml can be used to trigger the scanning of @SecurityAnnotations.

on behalf of the Apache Tomcat security team

To unsubscribe, e-mail: announce-unsubscribe@apache.org 
For additional commands, e-mail: announce-help@apache.org 

View raw message