Author: timw Date: Tue Oct 5 03:03:44 2010 New Revision: 1004515 URL: http://svn.apache.org/viewvc?rev=1004515&view=rev Log: Proposing fix for https://issues.apache.org/bugzilla/show_bug.cgi?id=50026 in 6.0.x
Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1004515&r1=1004514&r2=1004515&view=diff ============================================================================== --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Tue Oct 5 03:03:44 2010 @@ -221,3 +221,19 @@ PATCHES PROPOSED TO BACKPORT: http://svn.apache.org/viewvc?rev=1003572&view=rev +1: markt, kfujino -1: + +* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=50026 + Force DefaultServlet to serve all resources relative to context root + regardless of mappings/mount point. + Prevents access to WEB-INF and META-INF when the default servlet is + mapped to a sub-path. Also fixes WebdavServlet, which is affected for GET + requests. + This is a breaking change for anyone re-mapping DefaultServlet to a sub-path + (current behaviour is to remount the entire web application under the path, + which exposes WEB-INF/META-INF). + http://svn.apache.org/viewvc?rev=1004393&view=rev + http://svn.apache.org/viewvc?rev=1004409&view=rev + http://svn.apache.org/viewvc?rev=1004415&view=rev + +1: timw + -1: + --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org