"Craig R. McClanahan" wrote:
>
> Glenn Nielsen wrote:
>
> > I stand corrected.
> >
> > The below problem was a bug in Tomcat. Wrapping the RequestDispatcher
> > forward() and include() methods with a doPrivileged() if a SecurityManager
> > is being used fixed the problem. When Tomcat 3.2.2 is released you will
> > no longer need to edit the jre/lib/security/java.security file to comment
> > out the package.access=sun. line.
> >
> > This fix is in the 3.2 CVS branch, and will be in the Tomcat 3.2.2 release.
> >
>
> Glenn (and others),
>
> Have we accumulated enough bug fixes where it's worth creating a 3.2.2 release,
> or are there more issues that should be
> dealt with first?
I've seen the problem most recently reported in BugReport #744 described
a
few times now, but I haven't had a chance to verify it and look for a
solution.
Since this is a security bug, it seems like something that should be
included
in 3.2.2.
I'll try to take a closer look at it this weekend, but can't promise
anything.
Hans
--
Hans Bergsten [EMAIL PROTECTED]
Gefion Software http://www.gefionsoftware.com
Author of JavaServer Pages (O'Reilly), http://TheJSPBook.com
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]