https://bz.apache.org/bugzilla/show_bug.cgi?id=62667
Remy Maucherat <r...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|NEW |RESOLVED
--- Comment #7 from Remy Maucherat <r...@apache.org> ---
I added the "feature"/bugfix for 9.0.12 and 8.5.34.
I have no idea what the language from the comment "For security reasons we must
never expand a string that includes verbatim data from the network." means
since well, that's the point and this BZ asks for ${portals:%{HTTP_HOST}}
(%{HTTP_HOST} is clearly verbatim network data). Comments ? Maybe it means you
shouldn't parse network data (only evaluate), but that's not the case here
obviously: the configuration is parsed on valve start and that's it.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
