markt       2005/02/21 14:54:23

  Modified:    webapps/tomcat-docs/config context.xml http11.xml
  Log:
  Add warning to docs regarding use of deprecated connector and allowLinking=true
  
  Revision  Changes    Path
  1.15      +5 -0      jakarta-tomcat-4.0/webapps/tomcat-docs/config/context.xml
  
  Index: context.xml
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat-4.0/webapps/tomcat-docs/config/context.xml,v
  retrieving revision 1.14
  retrieving revision 1.15
  diff -u -r1.14 -r1.15
  --- context.xml       19 Nov 2004 20:52:02 -0000      1.14
  +++ context.xml       21 Feb 2005 22:54:23 -0000      1.15
  @@ -178,6 +178,11 @@
           (or any other OS which does not have a case sensitive filesystem),
           as it will disable case sensitivity checks, allowing JSP source code
           disclosure, among other security problems.</b></p>
  +        <p><b>NOTE: This flag MUST NOT be set to true when using the 
deprecated
  +        <a href="http11.html">HTTP 1.1</a> connector as it will disable 
checks
  +        that protect against mal-formed requests resulting in JSP source code
  +        disclosure.</b></p>
  +
         </attribute>
   
         <attribute name="cacheTTL" required="false">
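
Review bot: The added NOTE under allowLinking says "it will disable checks" without saying whether these are the case sensitivity checks named in the paragraph just above or a separate set, so a reader cannot tell if the two warnings describe one problem or two. Suggest naming the checks, or at least saying they are specific to the deprecated connector, and repeating the remedy http11.xml already gives (use the Coyote HTTP/1.1 connector instead). The link text reads "HTTP 1.1" while http11.xml in this same commit writes "HTTP/1.1"; use one spelling so the warning can be matched to the connector page. "mal-formed" is normally written "malformed".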
  
  
  
  1.7       +6 -0      jakarta-tomcat-4.0/webapps/tomcat-docs/config/http11.xml
  
  Index: http11.xml
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-4.0/webapps/tomcat-docs/config/http11.xml,v
  retrieving revision 1.6
  retrieving revision 1.7
  diff -u -r1.6 -r1.7
  --- http11.xml        12 Jan 2003 17:26:48 -0000      1.6
  +++ http11.xml        21 Feb 2005 22:54:23 -0000      1.7
  @@ -19,6 +19,12 @@
     <p><b>IMPORTANT NOTE: The HTTP/1.1 connector is now deprecated. Use
     the Coyote HTTP/1.1 connector instead.</b></p>
   
  +  <p><b>IMPORTANT NOTE: This connector MUST NOT be used in conjunction
  +  with any <a href="context.html">Context</a> element that has the
  +  <code>allowLinking</code> attribute set to <code>true</code>. In this
  +  configuration it is possible for a mal-formed request to result in source
  +  code exposure of JSPs.</b></p>
  +
     <p>The <strong>HTTP/1.1 Connector</strong> element represents a
     <strong>Connector</strong> component that supports the HTTP/1.1 protocol.
     It enables Catalina to function as a stand-alone web server, in addition
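
Review bot: The new IMPORTANT NOTE tells the reader what combination is forbidden but not which side to change; since the paragraph directly above it already says to use the Coyote HTTP/1.1 connector instead, the note should say that switching connectors or setting allowLinking to false removes the exposure. The wording "source code exposure of JSPs" also differs from "JSP source code disclosure" used in the matching context.xml warning; use the same phrase in both files so a search for one finds the other. Two consecutive paragraphs both opening with "IMPORTANT NOTE" could be merged so the security reason backs up the deprecation notice.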
  
  
  
