Modified: branches/2.1.x/java/org/apache/tomcat/util/net/AprEndpoint.java
===================================================================
--- branches/2.1.x/java/org/apache/tomcat/util/net/AprEndpoint.java	2011-11-24 08:23:37 UTC (rev 1871)
+++ branches/2.1.x/java/org/apache/tomcat/util/net/AprEndpoint.java	2011-11-24 10:05:31 UTC (rev 1872)
@@ -301,7 +301,7 @@
     /**
      * Use sendfile for sending static files.
      */
-    protected boolean useSendfile = Library.APR_HAS_SENDFILE;
+    protected boolean useSendfile = false; /* CVE-2011-2526 */
     public void setUseSendfile(boolean useSendfile) { this.useSendfile = useSendfile; }
     public boolean getUseSendfile() { return useSendfile; }