Mark Thomas wrote:
William L. Thomson Jr. wrote:
I take it down streams should run with the first patches to work around
this vulnerability till next release. I already applied the one liner,
kinda glad I did not apply the other last night ;) Please advise,
thanks.
You need a version of the second patch for a complete fix. If you want
logging - apply my version, if you don't - apply Remy's. Both fix the
problem, just in slightly different ways.
I've been using Mark's patch, which I personally prefer right now. I'll
experiment with Remy's patch on Monday, but I have a slightly tangential
question:
Q. Where should I put, and how should I build a unit test for the webdav
issue? I noticed that Jean-Frederic created a great unit test within
/test for the cookie issue, but I don't believe his patch was ever
committed. Is there a formal unit test framework for these issues?
My existing test for the webdav issue is just a war file, but I'd like
something semi-permanent and manageable. I'm a little ignorant of of the
history here, so forgive me if I'm a little lost.
We'll have to wait and see which way the voting goes for which patch
gets incorporated into the code base.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
