tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject [Bug 60594] RFC 7230/3986 url requirement that prevents unencoded curly braces should be optional, since it breaks existing sites
Date Thu, 25 May 2017 14:27:33 GMT
https://bz.apache.org/bugzilla/show_bug.cgi?id=60594

--- Comment #21 from Coty Sutherland <csutherl@redhat.com> ---
Can anyone see any adverse affects to adding angle brackets to the whitelist? I
have a customer that is using unencoded angle brackets around their session IDs
in the URL which they can't change at this point and the CVE fix broke their
application. If there aren't any adverse affects I'll add them to the list for
my distribution, and to tomcat if anyone else needs them.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message