On 7/2/21 12:02 AM, Mark Thomas wrote:
It is an alternative session manager that persists session data via a
configured Store. There are two Store implementations provided by
default - File and DataSource.
You would know if you were using it as it requires explicit configuration.
Thanks for the specific documentation link; I would not have known where
to look in the docs. My friends and colleagues seem to think I have
brilliant research skills; in fact, I simply have no qualms about asking
for help.
Our webapp totally lacks a "context.xml" (I looked for one) but I see
such files, with Manager elements, in the manager and host-manager
webapps. Are they affected by CVE-2021-25329/CVE-2020-9484?
Incidentally, speaking of those webapps, when installing, we immediately
jettison all as-shipped webapps *except* manager and host-manager. We
use manager all the time, but I'm not even sure what host-manager does.
--
JHHL
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
