angler-fishThe Vulnerability History Project

Process all ServletSecurity annotations at web application start rather

      than at servlet load time to ensure constraints are applied
consistently.


git-svn-id: https://svn.apache.org/repos/asf/tomcat/tc8.5.x/trunk@1823314 13f79535-47bb-0310-9956-ffa450edef68
by Pauline the Wren 2018-02-06 12:15:40 UTC
commit 2349801827f09fb6582a8afdeca704294106ad9a
Tomcat Fix Servlet Load Order CVE-2018-1305
java/org/apache/catalina/Wrapper.java
+8 -10
java/org/apache/catalina/authenticator/AuthenticatorBase.java
+8
java/org/apache/catalina/core/ApplicationContext.java
+1 -17
java/org/apache/catalina/core/ApplicationServletRegistration.java
-7
java/org/apache/catalina/core/StandardContext.java
+12 -18
java/org/apache/catalina/core/StandardWrapper.java
+41 -2
java/org/apache/catalina/startup/ContextConfig.java
+5 -4
java/org/apache/catalina/startup/Tomcat.java
-3
java/org/apache/catalina/startup/WebAnnotationSet.java
+3 -14
webapps/docs/changelog.xml
-5
expand_less