tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject [Bug 61369] Tomcat 8.5.16 vulnerable to CVE-2016-0793
Date Wed, 02 Aug 2017 08:51:23 GMT

--- Comment #2 from Remy Maucherat <> ---
The canonical path comparison is a last resort safety net. So it's still useful
then, that's interesting. If you confirm the behavior, it seems we're good as
is, the check is supposed to catch this and prevent trouble (but then a webapp
has to be fully packaged as per the specification).

You are receiving this mail because:
You are the assignee for the bug.
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message