https://issues.apache.org/bugzilla/show_bug.cgi?id=48157
--- Comment #3 from Ralf Hauser <hau...@acm.org> 2009-11-09 04:06:08 UTC --- Since we do not really have the option use "APR/Native" and we would be happy to have X-Header fixing heuristics as another optional server.xml attribute. You fear in comment 2 that there are other more complex attack vectors, but if we can, shouldn't we fix the immediate and obvious ones all the same - even if we can't guarantee that there aren't worse, but also more complex attack vectors. We happily offer to test and report at least for our setup. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
