https://issues.apache.org/bugzilla/show_bug.cgi?id=57251
--- Comment #16 from Mark Thomas <ma...@apache.org> --- (In reply to Christopher Schultz from comment #15) > (In reply to Francisco A. Lozano from comment #12) > > One question about your reasoning - what's the point of having > > unpackWARS="false" option if it's so unusably slow in T8? > > One valid use case: read-only filesystem (from Tomcat's perspective). > unpackWars="false" allows you to run with the host's appBase directory > non-writable by Tomcat. There is nothing stopping users copying an exploded directory into the appBase in the same way a WAR is copied. The ASF's JIRA instance runs this way for exactly the security concerns you cite. I do not see any security benefits that are unique to unpackWARs="false" -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org