This is an automated email from the ASF dual-hosted git repository.
markt-asf pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new a7a4c835f7 Fix last remaining double decoding issue
a7a4c835f7 is described below
commit a7a4c835f78f755c9cfdf38d9317efa2f1ea0440
Author: Mark Thomas <[email protected]>
AuthorDate: Thu Jun 4 17:04:02 2026 +0100
Fix last remaining double decoding issue
---
java/org/apache/tomcat/util/descriptor/web/SecurityConstraint.java | 2 +-
webapps/docs/changelog.xml | 4 ++++
2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/java/org/apache/tomcat/util/descriptor/web/SecurityConstraint.java
b/java/org/apache/tomcat/util/descriptor/web/SecurityConstraint.java
index 0451582d01..785a352d0b 100644
--- a/java/org/apache/tomcat/util/descriptor/web/SecurityConstraint.java
+++ b/java/org/apache/tomcat/util/descriptor/web/SecurityConstraint.java
@@ -610,7 +610,7 @@ public class SecurityConstraint extends XmlEncodingBase
implements Serializable
}
if (create) {
- collection.addPattern(urlPattern);
+ collection.addPatternDecoded(urlPattern);
constraint.addCollection(collection);
return constraint;
}
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 7ecdc5914e..1d40a6cbd4 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -342,6 +342,10 @@
Improve the detection of cross-context dispatches when using a
<code>RequestDispatcher</code>. (markt)
</fix>
+ <fix>
+ Fix various instances of double decoding of URL patterns configured
+ either programmatically or in web.xml. (remm/markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
