https://issues.apache.org/bugzilla/show_bug.cgi?id=57458
--- Comment #3 from Konstantin Kolinko <knst.koli...@gmail.com> --- (In reply to Mark Thomas from comment #1) > 7.0.39 is getting on for 2 years old and has a number of known security > vulnerabilities including one that can result in response mix ups. > > Please upgrade to the latest stable 7.0.x release (7.0.58 as I type this) > and retest. +1 Correction: 7.0.57 is the last released version. (7.0.58 has not been tagged yet). I also recommend to add the following line to conf/catalina.properties org.apache.catalina.connector.RECYCLE_FACADES=true Documentation: http://tomcat.apache.org/tomcat-7.0-doc/config/systemprops.html#Security That settings helps to prevent and detect programming errors in web applications such as illegal access to request/response objects outside of their life cycle. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org