tomcat-dev mailing list archives

From bugzi...@apache.org
Subject [Bug 61369] Tomcat 8.5.16 vulnerable to CVE-2016-0793
Date Wed, 02 Aug 2017 08:51:23 GMT
https://bz.apache.org/bugzilla/show_bug.cgi?id=61369

--- Comment #2 from Remy Maucherat <remm@apache.org> ---
The canonical path comparison is a last resort safety net. So it's still useful
then, that's interesting. If you confirm the behavior, it seems we're good as
is, the check is supposed to catch this and prevent trouble (but then a webapp
has to be fully packaged as per the specification).
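
A canonical path comparison of the kind the comment refers to, as an added illustration (not Tomcat's code and not part of the original message). The class, method and sample files are constructed, and it assumes the concern is a request path that names a file differently from how the file system stores it.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;

public class CanonicalPathCheck {

    /**
     * Maps a request path to a file under docBase. Returns null unless the
     * file exists and its canonical path is exactly the path that was asked
     * for, so earlier name-based rules saw the same name the file system uses.
     */
    static File resolve(File docBase, String requestPath) throws IOException {
        String base = docBase.getCanonicalPath();
        File candidate = new File(base, requestPath);
        if (!candidate.exists()) {
            return null;
        }
        String absolute = candidate.getAbsolutePath();
        String canonical = candidate.getCanonicalPath();
        // Containment: the resolved file must stay below the document base.
        if (!canonical.startsWith(base + File.separator)) {
            return null;
        }
        // Exact match: ".." segments, symlinks and, where the platform
        // reports the stored spelling, case differences make these differ.
        if (!canonical.equals(absolute)) {
            return null;
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample layout in a temporary directory.
        File docBase = Files.createTempDirectory("docbase").toFile();
        File dir = new File(docBase, "static");
        dir.mkdir();
        new File(dir, "Index.html").createNewFile();

        String[] requests = {
            "/static/Index.html",           // stored spelling
            "/static/index.html",           // differs only in case
            "/static/../static/Index.html"  // contains a ".." segment
        };
        for (String r : requests) {
            String verdict = resolve(docBase, r) != null ? "served" : "rejected";
            System.out.println(r + " -> " + verdict);
        }
    }
}
```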
