Hi all, I'm still working on the security backports in Debian and I have a question regarding CVE-2015-5345. On the Tomcat 7 security page the commits 1715213 and 1717212 are referenced. If I'm not mistaken the commit 1716860 should also be part of the fix, otherwise the mapper*RedirectEnabled attributes set on the context are ignored, right? Also I haven't found an equivalent commit for Tomcat 8, is this normal?
Thank you, Emmanuel Bourg --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org