Please note that it is fixed in the sources (aka SVN) only, but not in any released version.
The fix was committed on May 19th in revision http://svn.apache.org/viewvc?view=rev&revision=539759 4.1.36 released in April does not contain the fix. 2007/12/17, Mary Joseph <[EMAIL PROTECTED]>: > Looks like it is fixed. > > http://tomcat.apache.org/security-4.html > --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]