You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by ma...@apache.org on 2014/03/18 00:18:07 UTC

svn commit: r1578658 - /tomcat/tc6.0.x/trunk/STATUS.txt

Author: markt
Date: Mon Mar 17 23:18:07 2014
New Revision: 1578658

URL: http://svn.apache.org/r1578658
Log:
Proposal

Modified:
    tomcat/tc6.0.x/trunk/STATUS.txt

Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1578658&r1=1578657&r2=1578658&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Mon Mar 17 23:18:07 2014
@@ -74,6 +74,14 @@ PATCHES PROPOSED TO BACKPORT:
     1. r1578329 does not belong to svn:mergeinfo, that is an unrelated commit
     2. changelog.xml part of the patch does not merge, because of later changes
 
+* Redefine the <code>globalXsltFile</code> initialisation parameter of the
+  DefaultServlet as relative to CATALINA_BASE/conf or CATALINA_HOME/conf.
+  Prevent user supplied XSLTs used by the DefaultServlet from defining external
+  entities.
+  http://people.apache.org/~markt/patches/2014-03-17-globalXsltFile-tc6-v1.patch
+  +1: markt
+  -1:
+
 
 PATCHES/ISSUES THAT ARE STALLED:
 



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org