You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by bu...@apache.org on 2009/07/23 18:27:57 UTC

DO NOT REPLY [Bug 47564] .. and WEB-INF are allowed in pathInfo assignment

https://issues.apache.org/bugzilla/show_bug.cgi?id=47564


Mark Thomas <ma...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED




--- Comment #1 from Mark Thomas <ma...@apache.org>  2009-07-23 09:27:54 PST ---
Bugzilla is not the correct forum for reporting security issues. Please read:
http://tomcat.apache.org/security.html

This is a known, fixed issue. Again, please read:
http://tomcat.apache.org/security.html

There is no need to report bugs that have already been fixed.

The patch proposed above is bad and should not be applied. Users are strongly
encouraged to follow the advice in the security advisories to resolve this
issue. More information can be found in the Tomcat security pages:
http://tomcat.apache.org/security.html

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org