You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by bu...@apache.org on 2017/06/11 17:05:03 UTC

[Bug 61150] One of the session attributes on the [host-]manager application is disallowed by the Security Manager

https://bz.apache.org/bugzilla/show_bug.cgi?id=61150

Mark Thomas <ma...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #1 from Mark Thomas <ma...@apache.org> ---
Switching from no security manager to using a security manager makes this worse
(stack trace). If a security manager is in use on shutdown then a warning is
logged.

I've fixed this by configuring the web applications to permit the
(de-)serialization of the CSRFPreventionFilter related attributes.

Fixed in:
- trunk for 9.0.0.M22 onwards
- 8.5.x for 8.5.16 onwards
- 8.0.x for 8.0.45 onwards
- 7.0.x for 7.0.79 onwards

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org