https://issues.apache.org/bugzilla/show_bug.cgi?id=50026
--- Comment #7 from Tim Whittington <t...@apache.org> 2010-10-03 16:54:25 EDT --- > I personally can live with the WONTFIX, but this leaves a huge security hole > for companies/ones who are using the DefaultServlet this way. This should > probably better be documented in DefaultServlet's javadoc/manual. Yeah, I think closing the security issue is a must, given the prevalence of such use (the WONTFIX was more about the fact that this was an unintended use). The DefaultServlet docs do need some tweaking (as well as WebdavServlet, which is almost anonymous) - will look at that as well. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
