On 03/03/2011 05:54, Caldarale, Charles R wrote: >> From: Michael McCutcheon [mailto:michael.mccutch...@att.net] >> Subject: Re: [SECURITY] Tomcat 7 ignores @ServletSecurity annotations > >> On 3/2/2011 8:49 AM, Mark Thomas wrote: >>> If code changes are required to address this, they will be included in >>> the next release of Tomcat 7, 7.0.10. The release process for 7.0.10 is >>> expected to start once the investigation of this issue is complete. > >> Hello, I was just wondering if there was any update on this issue. > > Bit impatient, aren't we? Give Mark a chance to sleep a couple hours a day.
:) Based on what I have seen so far it looks to be a valid issue. I have a very rough patch that addresses the bulk of the problem but there is some unexpected behaviour still to be resolved. Today's task is writing some unit tests, getting my head around exactly what needs to be done and refining the patch. I'd like to make statement regarding time-scales but the last time I hit what on the surface looked like a simple bug it took a month of refactoring to fix it. I don't think this is going to take anywhere near that long but until the full extent of the required changes is understood, it would be foolish to speculate about time-scales. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org