On 3/2/2011 8:49 AM, Mark Thomas wrote:
As reported on the users list [1], both Tomcat 7.0.8 and the latest
Tomcat 7 code from svn appear to ignore @ServletSecurity annotations.
Assuming this issue is confirmed, it may lead to authentication bypass
and information disclosure.
The exact details are still being investigated but this e-mail is being
provided to give users early warning of this public issue.
If code changes are required to address this, they will be included in
the next release of Tomcat 7, 7.0.10. The release process for 7.0.10 is
expected to start once the investigation of this issue is complete.
Mark
on behalf of the Apache Tomcat security team
Hello, I was just wondering if there was any update on this issue.
-Mike
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
