[ http://issues.apache.org/jira/browse/GERONIMO-1433?page=all ]
Kevan Miller closed GERONIMO-1433:
----------------------------------
Fix Version: 1.1
(was: 1.x)
Resolution: Fixed
Assign To: Kevan Miller (was: Greg Wilkins)
I just updated etc/project.properties on trunk as follows
Sending etc/project.properties
Transmitting file data .
Committed revision 371391.
Matt fixed previously on branches/1.0 with Revision: 368994
> Security vulnerability of WEB-INF contents on windows platforms
> ---------------------------------------------------------------
>
> Key: GERONIMO-1433
> URL: http://issues.apache.org/jira/browse/GERONIMO-1433
> Project: Geronimo
> Type: Bug
> Components: web
> Environment: Jetty server
> Reporter: Greg Wilkins
> Assignee: Kevan Miller
> Priority: Critical
> Fix For: 1.0.1, 1.1
>
> The 5.1.9 Jetty server used by geronimo 1.0 suffers from a security
> vulnerability that allows a crafted URL to access the contents of WEB-INF
> when the server is run on windows platforms. The 5.1.10 release of Jetty
> fixes this vulnerability.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
