Hi Tomcat team I am really sorry to bother you regarding this fix for Tomcat 9.0.98 revolving around the following CVEs, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50379 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56337
(★) My question is if we install our Tomcat 9.0.97 (or lower version) on Windows OS (Case Insensitive), and the default value of DefaultServlet Write Enabled is FALSE (Since readonly parameter is not touched) Then I should not be concerned about the CVE since its first and foremost important condition is below right? > If the default servlet is write enabled (readonly initialisation parameter > set to the non-default value of false) for a case insensitive file system Meaning with the env described in (★) the CVEs are not a concern, and I do NOT have to even set sun.io.useCanonCaches to false on Tomcat9w.exe right? I am trying to avoid upgrade or restarting my Tomcat. Best regards, Nguyen --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
