/[Apache-SVN]
ViewVC logotype

Revision 892815


Jump to revision: Previous Next
Author: markt
Date: Mon Dec 21 13:27:57 2009 UTC (15 years, 4 months ago)
Changed paths: 8
Log Message:
Various related (un)deploy improvements including:
 - better handling of failed (un)deployment
 - adding checking for valid zip file entries that don't make sense in a WAR file
 - improved validation of WAR file names
 - make sure error messages match the action
 - the return from File.getCanonicalPath() may or may not return a final separator for directories

This fixes CVE-2009-2693, CVE-2009-2901 & CVE-2009-2902


Changed paths

Path Details
Directorytomcat/tc6.0.x/trunk/STATUS.txt modified , text changed
Directorytomcat/tc6.0.x/trunk/java/org/apache/catalina/loader/LocalStrings.properties modified , text changed
Directorytomcat/tc6.0.x/trunk/java/org/apache/catalina/loader/WebappClassLoader.java modified , text changed
Directorytomcat/tc6.0.x/trunk/java/org/apache/catalina/startup/ContextConfig.java modified , text changed
Directorytomcat/tc6.0.x/trunk/java/org/apache/catalina/startup/ExpandWar.java modified , text changed
Directorytomcat/tc6.0.x/trunk/java/org/apache/catalina/startup/HostConfig.java modified , text changed
Directorytomcat/tc6.0.x/trunk/java/org/apache/catalina/startup/LocalStrings.properties modified , text changed
Directorytomcat/tc6.0.x/trunk/webapps/docs/changelog.xml modified , text changed

infrastructure at apache.org
ViewVC Help
Powered by ViewVC 1.1.26