[Bug 61369] Tomcat 8.5.16 vulnerable to CVE-2016-0793

2017-08-02 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=61369
--- Comment #5 from Christopher Schultz ---
(In reply to Mark Thomas from comment #3)
> The canonical path check is still required to enforce the required case
> sensitivity.
>
> The Windows APIs, most likely for

[Bug 61369] Tomcat 8.5.16 vulnerable to CVE-2016-0793

2017-08-02 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=61369
Brett Schoppert changed:
What|Removed|Added
Resolution|---|INVALID

[Bug 61369] Tomcat 8.5.16 vulnerable to CVE-2016-0793

2017-08-02 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=61369
Mark Thomas changed:
What|Removed|Added
Status|NEW|NEEDINFO
--- Comment

[Bug 61369] Tomcat 8.5.16 vulnerable to CVE-2016-0793

2017-08-02 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=61369
--- Comment #2 from Remy Maucherat ---
The canonical path comparison is a last resort safety net. So it's still useful then, that's interesting. If you confirm the behavior, it seems we're good as is, the check is supposed to

[Bug 61369] Tomcat 8.5.16 vulnerable to CVE-2016-0793

2017-08-02 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=61369
Svetlin Zarev changed:
What|Removed|Added
CC|

[Bug 61369] Tomcat 8.5.16 vulnerable to CVE-2016-0793

2017-08-02 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=61369
Mark Thomas changed:
What|Removed|Added
OS||All
--- Comment #1

[Bug 61369] Tomcat 8.5.16 vulnerable to CVE-2016-0793

2017-08-01 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=61369
Brett Schoppert changed:
What|Removed|Added
OS||Windows Server