Hi all,

I found that commit a102a2a1 alone introduces a regression in AJP secret
validation, with which all requests with a valid secret get rejected with
403.
The upstream follow-up commit a90c358400c1 ("Follow-up to AJP switch to
constant time for secret comparison") on the 10.1.x branch fixes this.

Raising this since I think it's worth mentioning in the "Fixed in Apache
Tomcat 10.1.55" section.

Kind regards,
Dimitris
