/[Apache-SVN]
ViewVC logotype

Revision 902650


Jump to revision: Previous Next
Author: markt
Date: Sun Jan 24 21:43:11 2010 UTC (15 years, 2 months ago)
Changed paths: 7
Log Message:
Various related (un)deploy improvements including:
- better handling of failed (un)deployment
- adding checking for invalid zip file entries that don't make sense in a WAR file
- improved validation of WAR file names.
These changes address CVE-2009-2693, CVE-2009-2901 and CVE-2009-2902.

Changed paths

Path Details
Directorytomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/loader/LocalStrings.properties modified , text changed
Directorytomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/loader/WebappClassLoader.java modified , text changed
Directorytomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/startup/ContextConfig.java modified , text changed
Directorytomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/startup/ExpandWar.java modified , text changed
Directorytomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/startup/HostConfig.java modified , text changed
Directorytomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/startup/LocalStrings.properties modified , text changed
Directorytomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml modified , text changed

infrastructure at apache.org
ViewVC Help
Powered by ViewVC 1.1.26