I truly appreciate your swift response, Mark. Thank you so much! On Thu, Dec 19, 2024 at 4:23 PM Mark Thomas <ma...@apache.org> wrote:
> On 19/12/2024 10:49, Thiru wrote: > > Hello There, > > > > Good day! > > > > Could you kindly help clarify the following regarding CVE-2024-50379? > > > > In the default Tomcat setup, the readonly initialization parameter of the > > DefaultServlet is not write-enabled, even for a case-insensitive file > > system (Reference: https://tomcat.apache.org/tomcat-9.0-doc/default > > -servlet.html). > > > > Given this, am I correct in understanding that this vulnerability should > > not affect default Tomcat installations? > > You are correct. > > Mark > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
