diff --git a/java/org/apache/naming/resources/FileDirContext.java b/java/org/apache/naming/resources/FileDirContext.java
index 2c94a80bd4e..b7dc1080da3 100644
--- a/java/org/apache/naming/resources/FileDirContext.java
+++ b/java/org/apache/naming/resources/FileDirContext.java
@@ -476,11 +476,16 @@ public void modifyAttributes(String name, ModificationItem[] mods)
 * @exception NamingException if a naming exception is encountered
 */
 @Override
- public void bind(String name, Object obj, Attributes attrs)
- throws NamingException {
+ public void bind(String name, Object obj, Attributes attrs) throws NamingException {
 // Note: No custom attributes allowed
+ // bind() is meant to create a file so ensure that the path doesn't end
+ // in '/'
+ if (name.endsWith("/")) {
+ throw new NamingException(sm.getString("resources.bindFailed", name));
+ }
+
 File file = file(name, false);
 if (file == null) {
 throw new NamingException(sm.getString("resources.bindFailed", name));
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 2db8b6205a7..5361d73bc2f 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -90,6 +90,11 @@ DirContext that represented the web application in a ProxyDirContext twice rather than just once. (markt)
+
+ 61542: Fix CVE-2017-12617 and prevent JSPs from being
+ uploaded via a specially crafted request when HTTP PUT was enabled.
+ (markt)
+
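Review bot: The new guard in FileDirContext.bind() sits in front of `file(name, false)` rather than inside it, so it protects only this one entry point; any other method that creates or overwrites a file through the same helper (none is visible in this hunk) would need the same check, and placing it in the helper would cover them all. The added comment says what is rejected but not why it matters: java.io.File drops a trailing separator when it builds a path, so the name the caller validated and the file actually written can differ, and the comment should state that, e.g. `// File normalises away a trailing '/', so "name/" would be written as "name"; reject it before resolving`. If names can reach this method with the platform separator instead of '/' (not determinable from here), the test should also cover `name.endsWith(File.separator)`. No regression test accompanies the change in this diff, and bind()'s body continues past the end of the hunk.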