tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <>
Subject Re: [tomcat] branch master updated: Only decode in standard mode.
Date Tue, 17 Sep 2019 18:29:53 GMT
On 01/08/2019 22:55, wrote:
> This is an automated email from the ASF dual-hosted git repository.
> markt pushed a commit to branch master
> in repository
> The following commit(s) were added to refs/heads/master by this push:
>      new 9fd972c  Only decode in standard mode.
> 9fd972c is described below
> commit 9fd972c931cf3ce8829a69437b7340f9b0e1e731
> Author: Mark Thomas <>
> AuthorDate: Thu Aug 1 22:54:41 2019 +0100
>     Only decode in standard mode.
>     The seamless decoding of both standard and URL-safe mode no longer works
>     as expected in some cases when one of the two characters from the other
>     mode appear in the encoded data. This is because rather than ignoring
>     the unexpected "-" or "_" it gets decoded and if the result is invalid
>     an exception is thrown due to the fix for CODEC-134.
>     Tomcat doesn't use URL-safe mode so simply disable it.

I've discovered some TCK failures as a result of this change. The
HTTP2-Settings header present in an HTTP upgrade for h2c uses the
URL-safe form of base64 encoding.

The good news is that it is only h2c that is affected so the impact on
end users should be minimal.

I think I am going to have to tweak the codec so that users can opt for
standard or URL-safe mode as required. That looks doable without too
invasive a change. I'll look into applying the fix upstream.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message