tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject [Bug 60594] RFC 7230/3986 url requirement that prevents unencoded curly braces should be optional, since it breaks existing sites
Date Thu, 25 May 2017 14:27:33 GMT

--- Comment #21 from Coty Sutherland <> ---
Can anyone see any adverse affects to adding angle brackets to the whitelist? I
have a customer that is using unencoded angle brackets around their session IDs
in the URL which they can't change at this point and the CVE fix broke their
application. If there aren't any adverse affects I'll add them to the list for
my distribution, and to tomcat if anyone else needs them.

You are receiving this mail because:
You are the assignee for the bug.
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message