Author: markt
Date: Sun Jun 20 19:39:21 2010
New Revision: 956392
URL: http://svn.apache.org/viewvc?rev=956392&view=rev
Log:
Propose CSRF protection back-port
Modified:
tomcat/tc6.0.x/trunk/STATUS.txt
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=956392&r1=956391&r2=956392&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Sun Jun 20 19:39:21 2010
@@ -148,3 +148,12 @@ PATCHES PROPOSED TO BACKPORT:
http://people.apache.org/~markt/patches/2010-06-18-bug49443-tc6.patch
+1: markt, kkolinko
-1:
+
+* Backport the CSRF prevention filter to Tomcat 6 and configure the Manager and
+ Host Manager applications to use it. The configuration is such that the using
+ the old roles (manager, admin) will work and will bypass the CSRF protection
+ but using the new roles (manager-gui, admin-gui etc.) will not bypass the
CSRF
+ protection.
+
http://people.apache.org/~markt/patches/2010-06-20-crsf-prevention-filter-tc6.patch
+ +1: markt
+ -1:
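Review bot: In the added backport entry, the statement that the old roles (manager, admin) "will work and will bypass the CSRF protection" means a deployment that keeps those roles gets no benefit from the filter after the backport. The entry should say that this is a deliberate compatibility trade-off and that users must move to the new roles to be protected, so voters can weigh it. Two smaller points in the same entry: "such that the using the old roles" has a stray "the", and "manager-gui, admin-gui etc." would be clearer with the full list of new roles spelled out.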