On 20/09/17 13:52, ma...@apache.org wrote: > Author: markt > Date: Wed Sep 20 12:52:47 2017 > New Revision: 1809025 > > URL: http://svn.apache.org/viewvc?rev=1809025&view=rev > Log: > Partial fix for CVE-2017-12617 > This ensures that a path specified for creation of a file does not end in '/' > since that is dropped by the File API.
I think the fix for 9.0.x is complete but I want to do some more testing around the edge cases to make sure. Additional testing welcome. Once we are satisfied the fix is complete, I'll start back-porting. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org