Author: markt
Date: Mon Jun 1 16:15:54 2026
New Revision: 1934846
Log:
More known non-findings updates
Modified:
tomcat/site/trunk/docs/security-model.html
tomcat/site/trunk/xdocs/security-model.xml
Modified: tomcat/site/trunk/docs/security-model.html
==============================================================================
--- tomcat/site/trunk/docs/security-model.html Mon Jun 1 16:10:02 2026
(r1934845)
+++ tomcat/site/trunk/docs/security-model.html Mon Jun 1 16:15:54 2026
(r1934846)
@@ -110,7 +110,12 @@
<ol>
<li>Any report that depends on deserialisation within the clustering code
- when the EcryptInterceptor has not been configured.</li>
+ (<code>org.apache.catalina.ha</code>
+ <code>org.apache.catalina.tribes</code> and all sub-packages) when
the
+ EcryptInterceptor has not been configured.</li>
+
+ <li>Any report that depends on an attacker controlling a node within a
+ cluster.</li>
<li>Any report that depends on modification of persisted session data
where the mechanism to modify the persisted session data is not
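Review bot: In the added parenthetical, the two package names sit in adjacent <code> elements with only a line break between them, so the rendered item reads "org.apache.catalina.ha org.apache.catalina.tribes and all sub-packages" with no separator. Put a comma or "and" after the first </code>. Since this item is being rewritten anyway, "EcryptInterceptor" (unchanged from the removed line) looks like a typo for EncryptInterceptor and could be corrected in the same commit.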
Modified: tomcat/site/trunk/xdocs/security-model.xml
==============================================================================
--- tomcat/site/trunk/xdocs/security-model.xml Mon Jun 1 16:10:02 2026
(r1934845)
+++ tomcat/site/trunk/xdocs/security-model.xml Mon Jun 1 16:15:54 2026
(r1934846)
@@ -120,7 +120,12 @@
<ol>
<li>Any report that depends on deserialisation within the clustering code
- when the EcryptInterceptor has not been configured.</li>
+ (<code>org.apache.catalina.ha</code>
+ <code>org.apache.catalina.tribes</code> and all sub-packages) when
the
+ EcryptInterceptor has not been configured.</li>
+
+ <li>Any report that depends on an attacker controlling a node within a
+ cluster.</li>
<li>Any report that depends on modification of persisted session data
where the mechanism to modify the persisted session data is not
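Review bot: The new item "Any report that depends on an attacker controlling a node within a cluster" gives no reason, unlike the item above it, which ties the exclusion to a specific configuration. Consider adding a short clause stating the assumption behind it (for example, that cluster members are treated as trusted), so that reporters can tell where the boundary lies. The added blank line before this <li> is also inconsistent with the item that follows "cluster.</li>", which starts without one.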