svn commit: r1838843 - in /tomcat/jk/trunk: conf/httpd-jk.conf xdocs/miscellaneous/changelog.xml xdocs/reference/apache.xml xdocs/reference/iis.xml xdocs/webserver_howto/apache.xml

Fri, 24 Aug 2018 06:00:26 -0700 

Author: markt
Date: Fri Aug 24 13:00:12 2018
New Revision: 1838843

URL: http://svn.apache.org/viewvc?rev=1838843&view=rev
Log:
Update the docs to note that CollapseSlashes options no longer have an effect 
(effectively hard-coded to all)

Modified:
    tomcat/jk/trunk/conf/httpd-jk.conf
    tomcat/jk/trunk/xdocs/miscellaneous/changelog.xml
    tomcat/jk/trunk/xdocs/reference/apache.xml
    tomcat/jk/trunk/xdocs/reference/iis.xml
    tomcat/jk/trunk/xdocs/webserver_howto/apache.xml

Modified: tomcat/jk/trunk/conf/httpd-jk.conf
URL: 
http://svn.apache.org/viewvc/tomcat/jk/trunk/conf/httpd-jk.conf?rev=1838843&r1=1838842&r2=1838843&view=diff
==============================================================================
--- tomcat/jk/trunk/conf/httpd-jk.conf (original)
+++ tomcat/jk/trunk/conf/httpd-jk.conf Fri Aug 24 13:00:12 2018
@@ -48,12 +48,6 @@ LoadModule jk_module modules/mod_jk.so
     # Since: 1.2.24
     # JkOptions +RejectUnsafeURI
 
-    # This option will collapse multiple adjacent slashes
-    # in request URLs before looking for mount or unmount
-    # matches.
-    # Since: 1.2.41
-    # JkOptions +CollapseSlashesAll
-
     # After setting JkStripSession to "On", mod_jk will
     # strip all ";jsessionid=..." from request URLs it
     # does *not* forward to a backend.

Modified: tomcat/jk/trunk/xdocs/miscellaneous/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/jk/trunk/xdocs/miscellaneous/changelog.xml?rev=1838843&r1=1838842&r2=1838843&view=diff
==============================================================================
--- tomcat/jk/trunk/xdocs/miscellaneous/changelog.xml (original)
+++ tomcat/jk/trunk/xdocs/miscellaneous/changelog.xml Fri Aug 24 13:00:12 2018
@@ -83,6 +83,11 @@
         the normalisation implementation for mod_jk with that implemented by
         Tomcat. (markt)
       </fix>
+      <add>
+        Add a note to the documentation that the CollapseSlashes options are
+        now effectively hard-coded to CollpaseSlashesAll due to the changes
+        made to align normalization with that implemented in Tomcat. (markt)
+      </add>
    </changelog>
   </subsection>
 </section>

Modified: tomcat/jk/trunk/xdocs/reference/apache.xml
URL: 
http://svn.apache.org/viewvc/tomcat/jk/trunk/xdocs/reference/apache.xml?rev=1838843&r1=1838842&r2=1838843&view=diff
==============================================================================
--- tomcat/jk/trunk/xdocs/reference/apache.xml (original)
+++ tomcat/jk/trunk/xdocs/reference/apache.xml Fri Aug 24 13:00:12 2018
@@ -800,37 +800,18 @@ but also slightly more complicated.
 </p>
 
 <p>
-JkOptions <b>CollapseSlashesAll</b> will collapse multiple
-adjacent slashes in request URLs before looking for mount or unmount
-matches.
-<source>
-  JkOptions     +CollapseSlashesAll
-</source>
-<br/>
-<br/>
+JkOptions <b>CollapseSlashesAll</b> is deprecated as of 1.2.44 and will be
+ignored if used.
 </p>
 
 <p>
-JkOptions <b>CollapseSlashesUnmount</b> will collapse multiple
-adjacent slashes in request URLs only before looking for unmount
-matches. This is the default value.
-<source>
-  JkOptions     +CollapseSlashesUnmount
-</source>
-<br/>
-<br/>
+JkOptions <b>CollapseSlashesUnmount</b> is deprecated as of 1.2.44 and will be
+ignored if used.
 </p>
 
 <p>
-JkOptions <b>CollapseSlashesNone</b> will never collapse multiple
-adjacent slashes in request URLs before looking for mount or unmount
-matches. Using this value might make you vulnerable for attacks
-bypassing your unmount rules.
-<source>
-  JkOptions     +CollapseSlashesNone
-</source>
-<br/>
-<br/>
+JkOptions <b>CollapseSlashesNone</b> is deprecated as of 1.2.44 and will be
+ignored if used.
 </p>
 
 <p>

Modified: tomcat/jk/trunk/xdocs/reference/iis.xml
URL: 
http://svn.apache.org/viewvc/tomcat/jk/trunk/xdocs/reference/iis.xml?rev=1838843&r1=1838842&r2=1838843&view=diff
==============================================================================
--- tomcat/jk/trunk/xdocs/reference/iis.xml (original)
+++ tomcat/jk/trunk/xdocs/reference/iis.xml Fri Aug 24 13:00:12 2018
@@ -207,20 +207,14 @@ The default value is false.
 <p>This directive has been added in version 1.2.24</p>
 </attribute>
 <attribute name="collapse_slashes" required="false"><p>
-One of the string values "all", "none" or "unmount".
-It controls whether multiple adjacent slashes in request URLs are
-collapsed before looking for a mount or unmount match.
-</p>
-<p>
-Value "all" will result in collapsing before mount and unmount
-checks, value "none" will result in never collapsing, value
-"unmount" will check mount rules without collapsing but unmount
-with collapsing.
+This options is deprecated as of 1.2.44 and will be ignored if used.
 </p>
 <p>
 Before version 1.2.41 collapsing was never done. Starting with
 version 1.2.41 collapsing before looking for unmount matches
 is the default to prevent easy bypassing of unmount rules.
+As of 1.2.44, collpasing is always performed before looking for mount
+or unmount rules.
 </p>
 <p>This directive has been added in version 1.2.41</p>
 </attribute>

Modified: tomcat/jk/trunk/xdocs/webserver_howto/apache.xml
URL: 
http://svn.apache.org/viewvc/tomcat/jk/trunk/xdocs/webserver_howto/apache.xml?rev=1838843&r1=1838842&r2=1838843&view=diff
==============================================================================
--- tomcat/jk/trunk/xdocs/webserver_howto/apache.xml (original)
+++ tomcat/jk/trunk/xdocs/webserver_howto/apache.xml Fri Aug 24 13:00:12 2018
@@ -558,37 +558,18 @@ but also slightly more complicated.
 </p>
 
 <p>
-JkOptions <b>CollapseSlashesAll</b> will collapse multiple
-adjacent slashes in request URLs before looking for mount or unmount
-matches.
-<source>
-  JkOptions     +CollapseSlashesAll
-</source>
-<br/>
-<br/>
+JkOptions <b>CollapseSlashesAll</b> is deprecated as of 1.2.44 and will be
+ignored if used.
 </p>
 
 <p>
-JkOptions <b>CollapseSlashesUnmount</b> will collapse multiple
-adjacent slashes in request URLs only before looking for unmount
-matches. This is the default value.
-<source>
-  JkOptions     +CollapseSlashesUnmount
-</source>
-<br/>
-<br/>
+JkOptions <b>CollapseSlashesUnmount</b> is deprecated as of 1.2.44 and will be
+ignored if used.
 </p>
 
 <p>
-JkOptions <b>CollapseSlashesNone</b> will never collapse multiple
-adjacent slashes in request URLs before looking for mount or unmount
-matches. Using this value might make you vulnerable for attacks
-bypassing your unmount rules.
-<source>
-  JkOptions     +CollapseSlashesNone
-</source>
-<br/>
-<br/>
+JkOptions <b>CollapseSlashesNone</b> is deprecated as of 1.2.44 and will be
+ignored if used.
 </p>
 
 <p>



---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to