
Revision 1754728


Author: markt
Date: Mon Aug 1 10:38:22 2016 UTC (8 years, 4 months ago)
Changed paths: 5
Log Message:
Provide a mechanism that enables the container to check if a component (typically a web application) has been granted a given permission when running under a SecurityManager without the current execution stack having to have passed through the component. Use this new mechanism to extend SecurityManager protection to the system property replacement feature of the digester.
This is the fix for CVE-2016-6794

Changed paths

Path | Details
tomcat/tc7.0.x/trunk/ | modified, props changed
tomcat/tc7.0.x/trunk/java/org/apache/catalina/loader/WebappClassLoaderBase.java | modified, text changed
tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/digester/Digester.java | modified, text changed
tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/security/PermissionCheck.java | added (copied from tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/security/PermissionCheck.java, r1754726)
tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml | modified, text changed
