Bug ID: 61489
           Summary: Disable creation of command line parameters from GET
                    parameters in the URL
           Product: Tomcat 9
           Version: unspecified
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: Catalina
  Target Milestone: -----

Created attachment 35290
Make creation of command line parameters from GET parameters optional

The CGI RFC says, that the server SHOULD create command line arguments from
certain GET parameters.
4.4.  The Script Command Line

I don't like this, because I think, this can be a security risk in certain
I suggest to disable this feature by default, or at least allow to disable it
by configuration.

The proposed patch makes this feature configurable.
The line

private boolean enableCmdLineArguments = false;

makes the feature disabled by default. Putting "= true" would make it enabled
by default.

You are receiving this mail because:
You are the assignee for the bug.
To unsubscribe, e-mail:
For additional commands, e-mail:

Reply via email to