This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
     new b5606f66d8 Provide guidance on allowing write access to the web application
b5606f66d8 is described below

commit b5606f66d828cf823a1c0e1f76df3a9112237463
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Sat Jun 7 09:32:02 2025 +0100

    Provide guidance on allowing write access to the web application
---
 webapps/docs/changelog.xml       |  9 +++++++++
 webapps/docs/default-servlet.xml | 25 ++++++++++++++-----------
 webapps/docs/security-howto.xml  | 13 +++++++++++++
 3 files changed, 36 insertions(+), 11 deletions(-)

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 6a92bb8a3a..c5fea396f2 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -105,6 +105,15 @@
   issues do not "pop up" wrt. others).
 -->
 <section name="Tomcat 9.0.107 (remm)" rtext="in development">
+  <subsection name="Web applications">
+    <changelog>
+      <add>
+        Documentation. Provide more explicit guidance regarding the security
+        considerations for enabling write access to the web application via
+        WebDAV, HTTP PUT requests or similar. (markt)
+      </add>
+    </changelog>
+  </subsection>
 </section>
 <section name="Tomcat 9.0.106 (remm)" rtext="release in progress">
   <subsection name="Catalina">
diff --git a/webapps/docs/default-servlet.xml b/webapps/docs/default-servlet.xml
index 8e8139b65f..409fc7487d 100644
--- a/webapps/docs/default-servlet.xml
+++ b/webapps/docs/default-servlet.xml
@@ -150,17 +150,20 @@ Tomcat.</p>
         directory listing will be shown.
   </property>
   <property name="localXsltFile">
-        You may also customize your directory listing by directory by
-        configuring <code>localXsltFile</code>. This must be a file in the
-        directory where the listing will take place to with a
-        <code>.xsl</code> or <code>.xslt</code> extension. This overrides
-        <code>globalXsltFile</code> and <code>contextXsltFile</code>. If this
-        value is present but a file does not exist, then
-        <code>contextXsltFile</code> will be used. If
-        <code>contextXsltFile</code> does not exist, then
-        <code>globalXsltFile</code> will be used. If
-        <code>globalXsltFile</code> does not exist, then the default
-        directory listing will be shown.
+    <p>You may also customize your directory listing by directory by 
configuring
+    <code>localXsltFile</code>. This must be a file in the directory where the
+    listing will take place to with a <code>.xsl</code> or <code>.xslt</code>
+    extension. This overrides <code>globalXsltFile</code> and
+    <code>contextXsltFile</code>. If this value is present but a file does not
+    exist, then <code>contextXsltFile</code> will be used. If
+    <code>contextXsltFile</code> does not exist, then
+    <code>globalXsltFile</code> will be used. If <code>globalXsltFile</code>
+    does not exist, then the default directory listing will be shown.</p>
+    <p>Any <code>localXsltFile</code> is both a Tomcat configuration file and
+    part of the web application. As per the Tomcat security model, such files
+    are assumed to be trusted. Write access to this file should, like write
+    access to any Tomcat configuration file, be limited to trusted users. This
+    incudes users with remote access via WebDAV, PUT or similar.</p>
   </property>
   <property name="input">
         Input buffer size (in bytes) when reading
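Review bot: typo in the new security paragraph of the `localXsltFile` property: "This incudes users with remote access via WebDAV, PUT or similar." should read "This includes ...". While this text is being reflowed into `<p>` elements, the carried-over sentence "This must be a file in the directory where the listing will take place to with a `.xsl` or `.xslt` extension." also has a stray "to"; suggest "This must be a file, with a `.xsl` or `.xslt` extension, in the directory where the listing will take place." The new paragraph correctly frames the file as a trusted Tomcat configuration file, so it would help readers to add one clause saying why write access matters here, namely that Tomcat processes the stylesheet server-side when rendering the listing, which is what makes an untrusted writer a risk rather than just a cosmetic problem.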
diff --git a/webapps/docs/security-howto.xml b/webapps/docs/security-howto.xml
index a3b8e4119e..7839cd6aa6 100644
--- a/webapps/docs/security-howto.xml
+++ b/webapps/docs/security-howto.xml
@@ -178,6 +178,19 @@
    </subsection>
   </section>
 
+  <section name="User web applications">
+    <p>Web applications are assumed to be trusted. It is not safe to deploy web
+    applications from untrusted sources.</p>
+
+    <p>Any application functionality that permits the modification of a web
+    application (WebDAV, HTTP PUT requests etc.) may impact the security of
+    either the web application or the Tomcat instance on which it is running.
+    Such functionality should either be restricted to trusted users or
+    limited in scope (e.g. via security constraints) such that users with 
access
+    to the functionality are unable to imapct the security of either the web
+    application or the Tomcat instance on which it is running.</p>
+  </section>
+
   <section name="Security manager">
     <p>Enabling the security manager causes web applications to be run in a
     sandbox, significantly limiting a web application's ability to perform
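Review bot: typo in the second paragraph of the new "User web applications" section: "unable to imapct the security" should be "unable to impact the security". The guidance is otherwise sound, but the phrase "limited in scope (e.g. via security constraints)" would be more actionable with a cross-reference to the Default Servlet documentation that this same commit updates, since that is where the WebDAV/PUT write path and the `localXsltFile` trust note live; a reader of the security how-to currently has no pointer to the concrete configuration that enables or restricts write access. Consider also spelling out the two outcomes the text alludes to (modifying the application's own content versus affecting the Tomcat instance) as a short list so that the "either ... or" construction is easier to parse.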


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to