Currently I am facing an issue while using the warble gem. I am using a JRuby-based Rails application.
I am able to access direct file path code in the server URL, which is breaking security.
So I was trying to modify config/warble.rb, where I have made some changes, which are shown below.
config.webxml.jruby.min.runtimes = 1
config.webxml.jruby.max.runtimes = 1
config.webxml.org.eclipse.jetty.servlet.default.dirAllowed = false
After adding the config, I am able to access the WEB-INF directory as well as files from the direct server URL, which is breaking the security of our application.
For example:
server url/WEB-INF./web.xml
server url/WEB-INF./config/secrets.yml
All the files are accessible from this directory.
It looks like this is just preventing directory access, but I am still able to access file path code in the URL directly.
Does anyone have any idea how to fix this issue in warble?
Any help would be appreciated.
Thanks.
shahrutul1993 changed the title from "facing issue while creating war file Jruby based rails application" to "facing security issue while creating war file Jruby based rails application" on Aug 4, 2023
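Added example (not part of the issue, and not Warbler or Jetty code): a Ruby check for reviewing access logs that treats the `WEB-INF.` form from the URLs above as the same directory as `WEB-INF`, which an exact-name comparison would miss. The function names and log lines are constructed for illustration, and the normalization also covers letter case, trailing spaces and percent-encoding, which goes beyond the one form shown in the issue.

```ruby
# Added example: all names and log lines are constructed for illustration.
PROTECTED_DIRS = %w[web-inf meta-inf].freeze

# Percent-decode once, working on bytes so invalid UTF-8 cannot raise.
def percent_decode(str)
  str.b.gsub(/%(\h\h)/) { Regexp.last_match(1).hex.chr }
end

# Reduce a path segment to the name a lenient file system may resolve it to:
# lower-cased, trailing dots and spaces removed ("WEB-INF." -> "web-inf").
def canonical_segment(segment)
  segment.downcase.sub(/[. ]+\z/, "")
end

# True when any segment of the request path resolves to a protected directory.
def protected_path?(request_target)
  path = request_target.split("?", 2).first.to_s
  percent_decode(path).tr("\\", "/").split("/").any? do |segment|
    PROTECTED_DIRS.include?(canonical_segment(segment))
  end
end

# Return [path, status] for every access-log line (common log format) whose
# request resolved to a protected directory and was answered with a 2xx status.
def served_protected_files(log_lines)
  log_lines.filter_map do |line|
    m = line.match(/"(?:GET|HEAD|POST) (\S+) [^"]*" (\d{3}) /)
    next unless m && m[2].start_with?("2") && protected_path?(m[1])
    [m[1], m[2].to_i]
  end
end

# Constructed sample log: addresses, times and sizes are made up.
SAMPLE_LOG = [
  '192.0.2.10 - - [04/Aug/2023:10:00:01 +0000] "GET /WEB-INF/web.xml HTTP/1.1" 404 0',
  '192.0.2.10 - - [04/Aug/2023:10:00:02 +0000] "GET /WEB-INF./web.xml HTTP/1.1" 200 1532',
  '192.0.2.10 - - [04/Aug/2023:10:00:03 +0000] "GET /WEB-INF./config/secrets.yml HTTP/1.1" 200 412',
  '192.0.2.11 - - [04/Aug/2023:10:00:04 +0000] "GET /assets/application.css HTTP/1.1" 200 9001',
  '192.0.2.11 - - [04/Aug/2023:10:00:05 +0000] "GET /docs/web-info.html HTTP/1.1" 200 300'
].freeze

puts served_protected_files(SAMPLE_LOG).inspect if __FILE__ == $PROGRAM_NAME
```

Any hit returned by `served_protected_files` means a file under the protected directory was actually delivered, so secrets such as those in `config/secrets.yml` should be treated as exposed and rotated.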