/[Apache-SVN]
ViewVC logotype

Revision 1754728

Jump to revision: Previous Next
Author: markt
Date: Mon Aug 1 10:38:22 2016 UTC (7 years, 8 months ago)
Changed paths: 5
Log Message: 
Provide a mechanism that enables the container to check if a component (typically a web application) has been granted a given permission when running under a SecurityManager without the current execution stack having to have passed through the component. Use this new mechanism to extend SecurityManager protection to the system property replacement feature of the digester.
This is the fix for CVE-2016-6794

Changed paths

Path Details
Directorytomcat/tc7.0.x/trunk/ modified , props changed
Directorytomcat/tc7.0.x/trunk/java/org/apache/catalina/loader/WebappClassLoaderBase.java modified , text changed
Directorytomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/digester/Digester.java modified , text changed
Directorytomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/security/PermissionCheck.java
(Copied from tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/security/PermissionCheck.java, r1754726) 		added
Directorytomcat/tc7.0.x/trunk/webapps/docs/changelog.xml modified , text changed
infrastructure at apache.org
 ViewVC Help
Powered by ViewVC 1.1.26