Mark Thomas wrote:
What mitigations are you thinking of?
The description is intended to be sufficient for a user to determine if
they match the vulnerability conditions. And this for this notice I
believe it meets this criteria.
In this case there is no way of configuring yourself away from the
vulnerability. If you use a RequestDispatcher, you are vulnerable.
My mistake, I understood that if the user was strictly using ISO-8859-1
encoding they were not vulnerable. But I might have missed a few posts
in the backchannel, as I was away teaching all week.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]