tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: svn commit: r831116 - in /tomcat/trunk: java/javax/servlet/http/Cookie.java webapps/docs/config/systemprops.xml
Date Fri, 06 Nov 2009 16:32:18 GMT
Filip Hanik - Dev Lists wrote:
> The EG group is already receiving reports on the change of breaking apps
> cookie code is simply such, that when you touch it, you break something.
> This seems to be the rule rather than the exception :)
> 
> ---------------------8<----------------------
> 
> just a heads up: We are already receiving reports that this change:
> 
> -    private static final String tspecials = ",; ";
> +    private static final String tspecials = "/()<>@,;:\\\"[]?={} \t";
> 
> 
> is breaking several existing apps.
> 
> We may have to revert it.

That doesn't surprise me at all.

The options and associated defaults in Tomcat 7 should protect our users against
this and if they do hit it, there are options available to disable it.

Mark

> 
> 
> 
> On 10/29/2009 06:46 PM, Konstantin Kolinko wrote:
>> 2009/10/30<markt@apache.org>:
>>   
>>> Author: markt
>>> Date: Thu Oct 29 22:14:26 2009
>>> New Revision: 831116
>>>
>>> URL: http://svn.apache.org/viewvc?rev=831116&view=rev
>>> Log:
>>> Apply Konstantin's review comments
>>>
>>> Modified:
>>>     tomcat/trunk/java/javax/servlet/http/Cookie.java
>>>     tomcat/trunk/webapps/docs/config/systemprops.xml
>>>
>>>      
>> Now it is OK for me.
>>
>> Thank you.
>>
>> Best regards,
>> Konstantin Kolinko
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: dev-help@tomcat.apache.org
>>
>>
>>    
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message