HTTP Method Override

This release tightens the use of the HTTP verb or the j_security_check resource which is now confined to POST operations. This enhancement prevents verb tunneling using request headers such as X-HTTP-Method, XHTTP-Method-Override, X-Method-Override.