/[Apache-SVN]
ViewVC logotype

Revision 1726203


Jump to revision: Previous Next
Author: markt
Date: Fri Jan 22 13:02:28 2016 UTC (9 years, 2 months ago)
Changed paths: 9
Log Message:
When using the new sessionAttributeValueClassNameFilter, apply the filter earlier rather than loading the class and then deciding to filter it out.
When a SecurityManager is used, enable filtering by default.
This is part 2 of 2 of the fix for CVE-2016-0714

Changed paths

Path Details
Directorytomcat/tc8.0.x/trunk/ modified , props changed
Directorytomcat/tc8.0.x/trunk/java/org/apache/catalina/session/ManagerBase.java modified , text changed
Directorytomcat/tc8.0.x/trunk/java/org/apache/catalina/session/StandardManager.java modified , text changed
Directorytomcat/tc8.0.x/trunk/java/org/apache/catalina/session/StoreBase.java modified , text changed
Directorytomcat/tc8.0.x/trunk/java/org/apache/catalina/util/CustomObjectInputStream.java modified , text changed
Directorytomcat/tc8.0.x/trunk/java/org/apache/catalina/util/LocalStrings.properties modified , text changed
Directorytomcat/tc8.0.x/trunk/webapps/docs/changelog.xml modified , text changed
Directorytomcat/tc8.0.x/trunk/webapps/docs/config/cluster-manager.xml modified , text changed
Directorytomcat/tc8.0.x/trunk/webapps/docs/config/manager.xml modified , text changed

infrastructure at apache.org
ViewVC Help
Powered by ViewVC 1.1.26