diff --git a/java/org/apache/catalina/core/RestrictedServlets.properties b/java/org/apache/catalina/core/RestrictedServlets.properties index d336968d1424..cefa24965204 100644 --- a/java/org/apache/catalina/core/RestrictedServlets.properties +++ b/java/org/apache/catalina/core/RestrictedServlets.properties @@ -16,3 +16,4 @@ org.apache.catalina.ssi.SSIServlet=restricted org.apache.catalina.servlets.CGIServlet=restricted org.apache.catalina.manager.JMXProxyServlet=restricted +org.apache.catalina.manager.StatusManagerServlet=restricted diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 94fbe0846da4..6fe228b0de2b 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -155,6 +155,10 @@ header to the HttpHeaderSecurityFilter. Patch provided by Jacopo Cappellato. (markt) + + Add the StatusManagerServlet to the list of Servlets that + can only be loaded by privileged applications. (markt) +