On 02/07/2021 16:44, James H. H. Lampert wrote:
On 7/2/21 12:02 AM, Mark Thomas wrote:

It is an alternative session manager that persists session data via a configured Store. There are two Store implementations provided by default - File and DataSource.

You would know if you were using it as it requires explicit configuration.

Thanks for the specific documentation link; I would not have known where to look in the docs. My friends and colleagues seem to think I have brilliant research skills; in fact, I simply have no qualms about asking for help.

Our webapp totally lacks a "context.xml" (I looked for one) but I see such files, with Manager elements, in the manager and host-manager webapps. Are they affected by CVE-2021-25329/CVE-2020-9484?

Not unless you have changed the default configuration to use the persistent manager (via the className attribute).

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to