Summary: | org.apache.catalina.session.ManagerBase has issues with update the seed (initialized to System.currentTimeMillis()), since only the 32 least significant bits are changed by the XOR. | ||
---|---|---|---|
Product: | Tomcat 5 | Reporter: | Andras Rozsa <andras_rozsa> |
Component: | Catalina | Assignee: | Tomcat Developers Mailing List <dev> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | andras_rozsa |
Priority: | P2 | ||
Version: | 5.5.35 | ||
Target Milestone: | --- | ||
Hardware: | PC | ||
OS: | Windows Vista | ||
Attachments: |
2012-06-05_tc6_53050_ManagerBase.patch
2012-06-05_tc55_53050_ManagerBase.patch |
Description
Andras Rozsa
2012-04-09 18:08:03 UTC
For reference, a short discussion on the dev list: http://markmail.org/thread/r7kvsx3epauzw5qq Created attachment 28894 [details]
2012-06-05_tc6_53050_ManagerBase.patch
Patch to be proposed for Tomcat 6.0
Created attachment 28895 [details]
2012-06-05_tc55_53050_ManagerBase.patch
Patch to be proposed for Tomcat 5.5
Proposed for 6.0 and 5.5. Fixed in 6.0 with r1353112 and will be in 6.0.36. I am reassigning this issue from 6.0.24 to 5.5. |