> Hi Remy,
>
> > As I stated in the comments of the bug, I don't agree with your
> > interpretation about the JSP displaying "code".
>
> Sorry again for not making myself clear. To put it exactly (I hope ...):
>
> There are cases in complex include/forward scenarios where Tomcat serves
> JSPs as static resources. So the *client browser* receives something like
> this as plain text:

I actually tried the test case (I guess I should have tried it before ...),
and it didn't do what I thought it would do. This does not qualify as a
security issue by my book, though (it is recommended to test your
application before putting it in production).

> PS Thanks for incorporating the patch that changes the shutdown order in
> StandardContext.

You also were pushing for that one?
Cool.

The fix seems to be working ok. I actually changed start/stop/reload.

I like safer patches a lot better in general, though ;-)

Remy

