https://bz.apache.org/bugzilla/show_bug.cgi?id=63602
Mark Thomas <ma...@apache.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |INVALID --- Comment #4 from Mark Thomas <ma...@apache.org> --- The security argument for automatically creating the upload dir wasn't sufficiently strong to require a CVE. It was argued that failure to ensure the directory existed was a configuration error - hence why createUploadTargets defaults to false and a WARN level log message is written if Tomcat does create that location. Looking at the code, Tomcat checks and recreates the upload directory per request. If Tomcat is appropriately configured, the OP will get the behaviour they require. Note: 8.5.39 or later is required. Configuration assistance, if required, is available on the users mailing list. Closing this as INVALID since it is a configuration issue, not a bug. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org