RE: Tomcat 3.2.2 [Was: Re: BugRat Report #690 has been filed.]

Thu, 11 Jan 2001 19:20:20 -0800 

Regarding BugReport #744.  I've been trying to duplicate it on my Win2000
system and haven't had any luck.  I always get back the executed page.  Has
anyone else been able to duplicate the problem behavior?

As for 3.2.2, I think we should give 3.2.1 a little more soak time.  The
flow of bug reports seems to have increased which means that people are
using the release.  I don't think there are any really critical bugs fixed
so far so another week or so should hurt and with the extra usage we might
find something that should be addressed.

With any luck, 3.2.2 puts this release to bed and there won't be a need for
a 3.2.3.

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Hans
> Bergsten
> Sent: Thursday, January 11, 2001 3:03 PM
> To: [EMAIL PROTECTED]
> Subject: Tomcat 3.2.2 [Was: Re: BugRat Report #690 has been filed.]
>
>
> "Craig R. McClanahan" wrote:
> >
> > Glenn Nielsen wrote:
> >
> > > I stand corrected.
> > >
> > > The below problem was a bug in Tomcat.  Wrapping the RequestDispatcher
> > > forward() and include() methods with a doPrivileged() if a
> SecurityManager
> > > is being used fixed the problem.  When Tomcat 3.2.2 is
> released you will
> > > no longer need to edit the jre/lib/security/java.security
> file to comment
> > > out the package.access=sun. line.
> > >
> > > This fix is in the 3.2 CVS branch, and will be in the Tomcat
> 3.2.2 release.
> > >
> >
> > Glenn (and others),
> >
> > Have we accumulated enough bug fixes where it's worth creating
> a 3.2.2 release,
> > or are there more issues that should be
> > dealt with first?
>
> I've seen the problem most recently reported in BugReport #744 described
> a
> few times now, but I haven't had a chance to verify it and look for a
> solution.
> Since this is a security bug, it seems like something that should be
> included
> in 3.2.2.
>
> I'll try to take a closer look at it this weekend, but can't promise
> anything.
>
> Hans
> --
> Hans Bergsten         [EMAIL PROTECTED]
> Gefion Software               http://www.gefionsoftware.com
> Author of JavaServer Pages (O'Reilly), http://TheJSPBook.com
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, email: [EMAIL PROTECTED]


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]

Reply via email to