Public bug reported:
7.0.52-1ubuntu0.6 contains the patch for CVE-2015-5345. It adds
mapperContextRootRedirectEnabled as a workaround to prevent breaking the
current functionality. This fix cannot be used with the current ubuntu
patches as it is missing the change to MapperListener.java in revision
http://svn.apache.org/viewvc?view=revision&revision=1716860 (bz
https://bz.apache.org/bugzilla/show_bug.cgi?id=58765)
Without it, the values specified in context.xml are not passed down to
the Mapper.java on startup.
Setting mapperContextRootRedirectEnabled="true" in
/etc/tomcat7/context.xml has no effect. Making the same change with
7.0.70 from tomcat.apache.org works perfectly.
** Affects: tomcat7 (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1609819
Title:
CVE-2015-5345 patch issue on tomcat7
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/tomcat7/+bug/1609819/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
