https://bz.apache.org/bugzilla/show_bug.cgi?id=61489
--- Comment #1 from jm009 <jan0mich...@yahoo.com> --- Why I suggest to disable this feature by default: 1) I never saw a servlet that uses this feature 2) I suppose, this feature comes from the beginnings of the internet, when people wanted to run some system command by clicking on a link, and the term "security" was not yet used in computer science :-) -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org