This is an automated email from the ASF dual-hosted git repository.

markt-asf pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
     new fbca566e53 Expand protection for apps using SSI
fbca566e53 is described below

commit fbca566e53de180013c373e366aa492b5514a550
Author: Mark Thomas <[email protected]>
AuthorDate: Mon Jun 15 13:16:37 2026 +0100

    Expand protection for apps using SSI
---
 java/org/apache/catalina/ssi/SSIServletExternalResolver.java | 3 ++-
 webapps/docs/changelog.xml                                   | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/java/org/apache/catalina/ssi/SSIServletExternalResolver.java 
b/java/org/apache/catalina/ssi/SSIServletExternalResolver.java
index cbf3c94096..9b41bfa5b3 100644
--- a/java/org/apache/catalina/ssi/SSIServletExternalResolver.java
+++ b/java/org/apache/catalina/ssi/SSIServletExternalResolver.java
@@ -182,7 +182,8 @@ public class SSIServletExternalResolver implements 
SSIExternalResolver {
      */
     protected boolean isNameReserved(String name) {
         return name.startsWith("java.") || name.startsWith("javax.") || 
name.startsWith("sun.") ||
-                name.startsWith("jakarta.");
+                name.startsWith("jakarta.") || 
name.startsWith("org.apache.catalina.") ||
+                name.startsWith("org.apache.tomcat.");
     }
 
 
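Review bot: The check in isNameReserved remains a deny-list of literal, case-sensitive prefixes, so any container-internal attribute namespace that is not spelled out in the return expression is still treated as an ordinary SSI variable name. Judging by the changelog entry, the goal is to keep SSI variables away from container-owned request attributes; if Tomcat sets attributes under other internal prefixes (`org.apache.coyote.` looks like a candidate, to be confirmed against the attribute-name constants), the same expression should cover them, e.g. `|| name.startsWith("org.apache.coyote.")`. As the list is now six entries long, it would be easier to audit as one `private static final` collection of prefixes that is iterated, with a comment saying that these namespaces belong to the JRE, the Servlet API and the container and must not be settable from page content. The Javadoc that closes just above the method starts outside this hunk; it should name the reserved prefixes so that it stays in step with the code.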
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 5c2bb256cb..c938f50d94 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -379,7 +379,8 @@
         Fix a potential deadlock when copying resources using WebDAV. (markt)
       </fix>
       <fix>
-        Add <code>jakarta.</code> to the list of reserved prefixes for SSI
+        Add <code>jakarta.</code>, <code>org.apache.catalina.</code> and
+        <code>org.apache.tomcat.</code>to the list of reserved prefixes for SSI
         variables and request attributes. (markt)
       </fix>
       <fix>

