https://bz.apache.org/bugzilla/show_bug.cgi?id=63602
Mark Thomas <ma...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |INVALID
--- Comment #4 from Mark Thomas <ma...@apache.org> ---
The security argument for automatically creating the upload dir wasn't
sufficiently strong to require a CVE.
It was argued that failure to ensure the directory existed was a configuration
error - hence why createUploadTargets defaults to false and a WARN level log
message is written if Tomcat does create that location.
Looking at the code, Tomcat checks and recreates the upload directory per
request. If Tomcat is appropriately configured, the OP will get the behaviour
they require. Note: 8.5.39 or later is required.
Configuration assistance, if required, is available on the users mailing list.
Closing this as INVALID since it is a configuration issue, not a bug.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
