> From: "Dan K." <[EMAIL PROTECTED]> > > Hi fellow turbine users, > > Just to inform all those who use Jakarta Turbine (we use v2.1), the recent > vulnerability advisory for "Tomcat 4.x JSP source exposure security > advisory" applies because it also reveals template source (which isn't > too big a deal as long as no sensitive info is stored in there, but > still), which means it also reveals any file in *ANY* directory under your > webapp directory (/WEB-INF/ seems to be protected fine though). I was > able to test and confirm this on Tomcat 4.0.4. > > Please consult the advisory for fixes and work-arounds. Here's the link to > the announcement on the tomcat-user mailing list. > > http://www.mail-archive.com/tomcat-user%40jakarta.apache.org/msg67053.html > > Regards, > Dan
Thanks Dan - very useful post. Cheers, Scott -- Scott Eade Backstage Technologies Pty. Ltd. http://www.backstagetech.com.au -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
