angler-fishThe Vulnerability History Project

Process all ServletSecurity annotations at web application start rather

      than at servlet load time to ensure constraints are applied
consistently.

git-svn-id: https://svn.apache.org/repos/asf/tomcat/tc7.0.x/trunk@1823322 13f79535-47bb-0310-9956-ffa450edef68
by Pauline the Wren 2018-02-06 12:49:49 UTC
commit 2aac69f694d42d9219eb27018b3da0ae1bdd73ab
Tomcat Fix Servlet Load Order CVE-2018-1305
java/org/apache/catalina/Wrapper.java
+7 -11
java/org/apache/catalina/authenticator/AuthenticatorBase.java
+8
java/org/apache/catalina/core/ApplicationContext.java
+1 -17
java/org/apache/catalina/core/ApplicationServletRegistration.java
+18 -25
java/org/apache/catalina/core/StandardContext.java
+9 -18
java/org/apache/catalina/core/StandardWrapper.java
+124 -85
java/org/apache/catalina/startup/ContextConfig.java
+5 -4
java/org/apache/catalina/startup/Tomcat.java
-3
java/org/apache/catalina/startup/WebAnnotationSet.java
+3 -14
webapps/docs/changelog.xml
-5
expand_less