Gregor Schneider wrote:
> Hi Mark,
>
> ehem, a bit too abstract for my taste - what's the problem with UTF-8
> here, anyways?

See http://tomcat.markmail.org/search/?q=CVE-2008-2938#query:CVE-2008-2938%20order%3Adate-forward+page:1+state:facets for the original announcement that contained more detail. I just wanted to include the new information in this update.

> Do you recommend any action to be taken from site-owners?

Yes, if you use UTF-8. Upgrade to a fixed JVM (preferred) or upgrade to a Tomcat version that includes the workaround.

> Is there any
> sample available which explains the issue in more detail?

See above. The web site will be updated in the next few hours to reflect the fact that the vulnerability is in the JVM rather than Tomcat.

HTH,

Mark