Rémy Maucherat schrieb:
On Fri, Apr 11, 2008 at 12:19 AM, Jess Holle <[EMAIL PROTECTED]> wrote:
Done. [https://issues.apache.org/bugzilla/show_bug.cgi?id=44803]
Guys, you've been going crazy about a (known) security issue: CVE-2007-1860
See http://tomcat.apache.org/security-jk.html
Rémy
Rémy,
I know that we cleaned reencoding of forwarded URLs up in the context of
the CVE and mod_jk. The semicolon wasn't involved in the CVE though and
at that time it would have been easier, if the AJP connectors had
resolved %3Bjsessionid (because then we wouldn't have needed a new JK
forward option).
Regards,
Rainer
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
