struts-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Gainty <mgai...@hotmail.com>
Subject Re: Valid characters in http requets: Tomcat 8.38 -> 8.39
Date Sun, 04 Dec 2016 01:30:00 GMT
Markus

I have same problem and had to revert TC 8.38 ..please pingback when tomcat fixed this problem


*gruss*

Martin
____________



________________________________
From: info@flyingfischer.ch <info@flyingfischer.ch>
Sent: Saturday, December 3, 2016 8:18 AM
To: Struts Developers List
Subject: Re: Valid characters in http requets: Tomcat 8.38 -> 8.39

Sorry! Wrong mailing list...

Markus

Am 03.12.2016 um 13:56 schrieb Lukasz Lenart:
> Is it related to Apache Struts?
>
>
> Cheers
> Lukasz
>
> 2016-12-03 12:47 GMT+01:00 info@flyingfischer.ch <info@flyingfischer.ch>:
>> Between Tomcat 8.38 und 8.39 there seems to be a change in handling URL
>> parameters:
>>
>> &paramxy=1|2
>>
>> This will cause Tomcat to return a 400 error since 8.39. It is the character
>> "|" that causes the new behaviour. I suspect these changes:
>>
>> https://github.com/apache/tomcat/commit/516bda676ac8d0284da3e0295a7df70391315360
[https://avatars3.githubusercontent.com/u/4690029?v=3&s=200]<https://github.com/apache/tomcat/commit/516bda676ac8d0284da3e0295a7df70391315360>

Add additional checks for valid characters to the HTTP request line ยท apache/tomcat@516bda6<https://github.com/apache/tomcat/commit/516bda676ac8d0284da3e0295a7df70391315360>
github.com
parsing so invalid request lines are rejected sooner. git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@1767641
13f79535-47bb-0310-9956-ffa450edef68



>>
>> First thing to know:
>>
>> Is this intended?
>>
>> Second:
>>
>> Anyway to restore the previous behaviour of 8.38 with a config option.
>>
>> Thanks for considering!
>>
>> Best regards
>> Markus
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
>> For additional commands, e-mail: dev-help@struts.apache.org
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
> For additional commands, e-mail: dev-help@struts.apache.org
>

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message