https://bz.apache.org/bugzilla/show_bug.cgi?id=69752
--- Comment #8 from Christopher Schultz <ch...@christopherschultz.net> --- (In reply to Mark Thomas from comment #6) > (In reply to Christopher Schultz from comment #5) > > > This seems like a reasonable "secure by default" hardening maneuver. > > Tomcat is already secure by default in this case. Poor choice of words on my part. Closer to "avoid foot-guns where reasonable," and I think this is reasonable. But I definitely take your point about it being a slippery slope. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
