On 01/08/2019 22:55, ma...@apache.org wrote: > This is an automated email from the ASF dual-hosted git repository. > > markt pushed a commit to branch master > in repository https://gitbox.apache.org/repos/asf/tomcat.git > > > The following commit(s) were added to refs/heads/master by this push: > new 9fd972c Only decode in standard mode. > 9fd972c is described below > > commit 9fd972c931cf3ce8829a69437b7340f9b0e1e731 > Author: Mark Thomas <ma...@apache.org> > AuthorDate: Thu Aug 1 22:54:41 2019 +0100 > > Only decode in standard mode. > > The seamless decoding of both standard and URL-safe mode no longer works > as expected in some cases when one of the two characters from the other > mode appear in the encoded data. This is because rather than ignoring > the unexpected "-" or "_" it gets decoded and if the result is invalid > an exception is thrown due to the fix for CODEC-134. > Tomcat doesn't use URL-safe mode so simply disable it.
I've discovered some TCK failures as a result of this change. The HTTP2-Settings header present in an HTTP upgrade for h2c uses the URL-safe form of base64 encoding. The good news is that it is only h2c that is affected so the impact on end users should be minimal. I think I am going to have to tweak the codec so that users can opt for standard or URL-safe mode as required. That looks doable without too invasive a change. I'll look into applying the fix upstream. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org