No your best bet is to comment out the following line (and no it won't
be all on one line) from your web.xml file then schedule to upgrade to
Tomcat 4.1.12 Stable or Tomcat 4.0.5.
invoker
/servlet/*
The Jakarta Team has already posted a response to this bug, it can be
viewed here: http://jakarta.apache.org/site/news.html
--
Martin Robson
Radial Software Development Inc.
Direct - (604) 868-1503
Main - (604) 692-5971
[EMAIL PROTECTED]
http://www.radialsoftware.com
-Original Message-
From: Marcin Jackowski [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 24, 2002 12:30 PM
To: [EMAIL PROTECTED]
Subject: Re: JSP source code exposure in Tomcat 4.x
[...]
>
> 3.2 Workaround:
[...]
Quicker (brute) method - remove completely
$TOMCAT_HOME/server/lib/servlets-default.jar.
The server complains but applications seem to work correctly (unless
you're using it).
Stated for Tomcat version 4.0.1, 4.0.4 and 4.1.10.
Marcin Jackowski