This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 03e07d858c Change default for Context.encodedSolidusHandling from
decode to reject
03e07d858c is described below
commit 03e07d858c82bdaff76a78d3b5dd05e862e7e727
Author: Mark Thomas <[email protected]>
AuthorDate: Thu Jan 23 12:22:36 2025 +0000
Change default for Context.encodedSolidusHandling from decode to reject
---
java/org/apache/catalina/Context.java | 4 ++--
java/org/apache/catalina/core/StandardContext.java | 2 +-
webapps/docs/changelog.xml | 5 +++++
webapps/docs/config/context.xml | 4 +---
4 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/java/org/apache/catalina/Context.java
b/java/org/apache/catalina/Context.java
index 9cc19c5369..0cba70f08a 100644
--- a/java/org/apache/catalina/Context.java
+++ b/java/org/apache/catalina/Context.java
@@ -1915,7 +1915,7 @@ public interface Context extends Container, ContextBind {
* @return Obtain the current configuration for the handling of encoded
solidus characters
*/
default String getEncodedSolidusHandling() {
- return EncodedSolidusHandling.DECODE.getValue();
+ return EncodedSolidusHandling.REJECT.getValue();
}
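Review bot: The Javadoc above `getEncodedSolidusHandling()` only says it returns the current configuration and never names the default, so an implementer of `Context` that inherits this default method gets no hint that an encoded solidus (`%2F`) in the request path is now rejected instead of decoded. I would add a line such as `@implSpec The default implementation returns {@code reject}.` here, and the equivalent on `getEncodedSolidusHandlingEnum()` in the next hunk. Because both are interface defaults, any `Context` implementation that does not override them changes behaviour with this commit, which the changelog entry could say explicitly. The Javadoc block starts outside the hunk.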
@@ -1937,6 +1937,6 @@ public interface Context extends Container, ContextBind {
* @return Obtain the current configuration for the handling of encoded
solidus characters
*/
default EncodedSolidusHandling getEncodedSolidusHandlingEnum() {
- return EncodedSolidusHandling.DECODE;
+ return EncodedSolidusHandling.REJECT;
}
}
diff --git a/java/org/apache/catalina/core/StandardContext.java
b/java/org/apache/catalina/core/StandardContext.java
index a06014d052..b7ebe63eca 100644
--- a/java/org/apache/catalina/core/StandardContext.java
+++ b/java/org/apache/catalina/core/StandardContext.java
@@ -803,7 +803,7 @@ public class StandardContext extends ContainerBase
implements Context, Notificat
private EncodedSolidusHandling encodedReverseSolidusHandling =
EncodedSolidusHandling.DECODE;
- private EncodedSolidusHandling encodedSolidusHandling =
EncodedSolidusHandling.DECODE;
+ private EncodedSolidusHandling encodedSolidusHandling =
EncodedSolidusHandling.REJECT;
// ----------------------------------------------------- Context Properties
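Review bot: `encodedReverseSolidusHandling` on the preceding line stays at `EncodedSolidusHandling.DECODE` while `encodedSolidusHandling` moves to `REJECT`, so two closely related fields now have different defaults with nothing in the code saying why. If the asymmetry is intended, a short comment would stop a later reader from treating it as an oversight, e.g. `// %5C is still decoded by default; only %2F is rejected`. If it is not intended, it deserves a separate decision, because an application or backend that treats a backslash as a path separator may still receive the decoded form while the forward-slash form is refused. The class body starts and ends outside the hunk.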
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 3f2f3b030f..4f4149c099 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -133,6 +133,11 @@
the default servlet. It is now effectively hard coded to
<code>true</code>. (markt)
</fix>
+ <update>
+ Change the default for the <code>encodedSolidusHandling</code>
attribute
+ of <strong>Context</strong> from <code>decode</code> to
+ <code>reject</code>. (markt)
+ </update>
<!-- Entries for backport and removal before 12.0.0-M1 below this line
-->
<update>
Add <code>tableName</code> configuration on the
diff --git a/webapps/docs/config/context.xml b/webapps/docs/config/context.xml
index cf6fa6936d..1e1b4f99e6 100644
--- a/webapps/docs/config/context.xml
+++ b/webapps/docs/config/context.xml
@@ -444,9 +444,7 @@
also be processed with the <code>%25</code> sequence unchanged
to avoid potential corruption and/or decoding failure when the path is
subsequently <code>%nn</code> decoded by the application.</p>
- <p>If not specified, the default value is <code>decode</code>. This
- default will change to <code>reject</code> (to align with the
- <strong>Connector</strong>) in Tomcat 12.</p>
+ <p>If not specified, the default value is <code>reject</code>.</p>
</attribute>
<attribute name="failCtxIfServletStartFails" required="false">