I believe CVE-2017-12617 is addressed in 9.0.x
The file() method has been reviewed by kkolinko and remm and I have
implemented their comments. I have also refactored the method and added
comments to make the intended behaviour clearer.
It is possible that there is scope to optimise some of the
Sounds good to me, thanks!
Info not yet ready for users@: On d...@httpd there is discusion, whether
to fix request splicing attacks by dropping the buffer, therefore
effectively not allowing to combine a partial request before reneg with
the request coming after the reneg. Although we don't know
Rainer Jung wrote:
Sounds good to me, thanks!
Info not yet ready for users@: On d...@httpd there is discusion, whether
to fix request splicing attacks by dropping the buffer, therefore
effectively not allowing to combine a partial request before reneg with
the request coming after the
On 11/19/2009 04:20 PM, Mark Thomas wrote:
and 5.5.28 does not
don't think there is a HTTP NIO in 5.5.x
Filip
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail:
Filip Hanik - Dev Lists wrote:
On 11/19/2009 04:20 PM, Mark Thomas wrote:
and 5.5.28 does not
don't think there is a HTTP NIO in 5.5.x
There isn't. I'll remove that reference.
Mark
-
To unsubscribe, e-mail:
Overview
The purpose of this update is provide information on the current
understanding so users are better informed when making decisions
regarding risk mitigation for this issue in their environment.
Work on the root cause is progressing but is still in a state of flux.
Discussion is
Feedback / comments on the info below. I'd like to get it out to users@
and announce@ fairly soon.
Cheers,
Mark
===
Overview
Work on the root cause is progressing but is still in a state of flux.
The purpose of this update is provide