You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by Emmanuel Bourg <eb...@apache.org> on 2016/12/08 09:50:26 UTC

About CVE-2015-5345

Hi all,

I'm still working on the security backports in Debian and I have a
question regarding CVE-2015-5345. On the Tomcat 7 security page the
commits 1715213 and 1717212 are referenced. If I'm not mistaken the
commit 1716860 should also be part of the fix, otherwise the
mapper*RedirectEnabled attributes set on the context are ignored, right?
Also I haven't found an equivalent commit for Tomcat 8, is this normal?

Thank you,

Emmanuel Bourg

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org