remm 02/02/27 16:35:04
Modified: . Tag: tomcat_40_branch RELEASE-NOTES-4.0.3-B1.txt
Log:
- Document security fix.
Revision Changes Path
No revision
No revision
1.1.2.13 +7 -1 jakarta-tomcat-4.0/Attic/RELEASE-NOTES-4.0.3-B1.txt
Index: RELEASE-NOTES-4.0.3-B1.txt
===================================================================
RCS file: /home/cvs/jakarta-tomcat-4.0/Attic/RELEASE-NOTES-4.0.3-B1.txt,v
retrieving revision 1.1.2.12
retrieving revision 1.1.2.13
diff -u -r1.1.2.12 -r1.1.2.13
--- RELEASE-NOTES-4.0.3-B1.txt 27 Feb 2002 03:00:41 -0000 1.1.2.12
+++ RELEASE-NOTES-4.0.3-B1.txt 28 Feb 2002 00:35:04 -0000 1.1.2.13
@@ -3,7 +3,7 @@
Release Notes
=============
-$Id: RELEASE-NOTES-4.0.3-B1.txt,v 1.1.2.12 2002/02/27 03:00:41 remm Exp $
+$Id: RELEASE-NOTES-4.0.3-B1.txt,v 1.1.2.13 2002/02/28 00:35:04 remm Exp $
============
@@ -90,6 +90,11 @@
TyrexTransactionFactory: Add error logging.
+ApplicationContext: Fix security problem which could allow a servlet to serve
+ resources from outside the Catalina home directory, using the request
+ dispatcher. This also implements the specification requirement that the
+ request dispatcher cannot extend outside the current servlet context.
+
----------------
Jasper Bug Fixes:
@@ -137,6 +142,7 @@
returns false
6609 SendMailServlet.java is not compiled even if javamail is installed
correctly
+6641 Download of MS Office docs from protected areas fail with IE
6644 Whitespace after Content-type header value leads to POST method failure
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
