Author: markt
Date: Sun Jun 20 19:39:21 2010
New Revision: 956392

URL: http://svn.apache.org/viewvc?rev=956392&view=rev
Log:
Propose CSRF protection back-port

Modified:
    tomcat/tc6.0.x/trunk/STATUS.txt

Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=956392&r1=956391&r2=956392&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Sun Jun 20 19:39:21 2010
@@ -148,3 +148,12 @@ PATCHES PROPOSED TO BACKPORT:
   http://people.apache.org/~markt/patches/2010-06-18-bug49443-tc6.patch
   +1: markt, kkolinko
   -1: 
+
+* Backport the CSRF prevention filter to Tomcat 6 and configure the Manager and
+  Host Manager applications to use it. The configuration is such that the using
+  the old roles (manager, admin) will work and will bypass the CSRF protection
+  but using the new roles (manager-gui, admin-gui etc.) will not bypass the 
CSRF
+  protection.
+  
http://people.apache.org/~markt/patches/2010-06-20-crsf-prevention-filter-tc6.patch
+  +1: markt
+  -1: 
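Review bot: The new entry says the old roles (manager, admin) "will bypass the CSRF protection", so an existing Tomcat 6 deployment that keeps those roles gains nothing from this back-port until its users are moved to the new roles. The proposal should say that explicitly and state where the migration will be documented. The phrase "manager-gui, admin-gui etc." also leaves the protected role set open; listing every new role would let voters check that none falls through to the bypass path. Minor: "the using the old roles" has a stray "the", and the patch file name spells it "crsf" where the text says CSRF.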


