On 20/09/17 18:15, Konstantin Kolinko wrote:
> 2017-09-20 20:09 GMT+03:00 Konstantin Kolinko <knst.koli...@gmail.com>:
>> 2017-09-20 15:23 GMT+03:00 <ma...@apache.org>:
>>> Author: markt
>>> Date: Wed Sep 20 12:23:44 2017>>> New Revision: 1809011
>>>
>>> URL: http://svn.apache.org/viewvc?rev=1809011&view=rev
>>> Log:
>>> Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=61542
>>> Partial fix for CVE-2017-12617
>>> This moves a check from the Default servlet where it applied to GET, POST,
>>> HEAD and OPTIONS to the resources implementation where it applies to any
>>> method that expects the resource to exist (e.g.DELETE)
>>> Still need to address the case where the resource does not exist (e.g. PUT)
<snip/>
> Falling back to
>
> if (name.endsWith("/") && file.isFile()) {
Fixed. Thanks for the review.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
