| Log Message: |
Various improvements to the DIGEST authenticator including <bug>52954</bug>, the disabling caching of an authenticated user in the session by default, tracking server rather than client nonces and better handling of stale nonce values.
This fixed CVE-2012-3439 Apache Tomcat DIGEST authentication weaknesses
|