The Vulnerability History Project

CVE-2011-1088

      Complete the fix for this issue. The optimisation not to configure an authenticator of there were no security constraints meant that in that case @ServletSecurity annotations had no effect. The unit tests did not pick this up since they added an authenticator directly.
Add an explicit unit test for this scenario.


git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@1079752 13f79535-47bb-0310-9956-ffa450edef68

by Pauline the Wren 2011-03-09 11:16:48 UTC

commit 0ff4905158b77787a7f3aca55c9dec93456665dc

Tomcat Fix Ignored Security Annotations CVE-2011-1088

java/org/apache/catalina/startup/ContextConfig.java

+4 -1

test/org/apache/catalina/core/TestStandardWrapper.java

-18

test/webapp-3.0-servletsecurity/WEB-INF/web.xml

-48

webapps/docs/changelog.xml

+4 -8

expand_less