angler-fishThe Vulnerability History Project

Process all ServletSecurity annotations at web application start rather

      than at servlet load time to ensure constraints are applied
consistently.

git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@1823310 13f79535-47bb-0310-9956-ffa450edef68
by Pauline the Wren 2018-02-06 12:08:26 UTC
commit 3e54b2a6314eda11617ff7a7b899c251e222b1a1
Tomcat Fix Servlet Load Order CVE-2018-1305
java/org/apache/catalina/Wrapper.java
+8 -10
java/org/apache/catalina/authenticator/AuthenticatorBase.java
+8
java/org/apache/catalina/core/ApplicationContext.java
+1 -17
java/org/apache/catalina/core/ApplicationServletRegistration.java
-7
java/org/apache/catalina/core/StandardContext.java
+12 -18
java/org/apache/catalina/core/StandardWrapper.java
+41 -2
java/org/apache/catalina/startup/ContextConfig.java
+5 -4
java/org/apache/catalina/startup/Tomcat.java
-3
java/org/apache/catalina/startup/WebAnnotationSet.java
+3 -14
webapps/docs/changelog.xml
-5
expand_less