Author: kkolinko
Date: Wed Dec 16 22:44:43 2015
New Revision: 1720476
URL: http://svn.apache.org/viewvc?rev=1720476&view=rev
Log:
Add CVE-2014-7810 to changelog of released 8.0.16.
Modified:
tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml
Modified: tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml?rev=1720476&r1=1720475&r2=1720476&view=diff
==============================================================================
--- tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml Wed Dec 16 22:44:43 2015
@@ -2559,7 +2559,13 @@
than <code>jar:file</code>. (violetagg)
</fix>
<fix>
- Fix potential issue with BeanELResolver when running under a security
+ CVE-2014-7810:
+ Do not use a privileged code block when evaluating EL expressions
+ when running under a security manager, which allowed to bypass code
+ restrictions. (markt)
+ </fix>
+ <fix>
+ Fix an issue with BeanELResolver when running under a security
manager. Some classes may not be accessible but may have accessible
interfaces. (markt)
</fix>