This is an automated email from the ASF dual-hosted git repository.
markt-asf pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new 80a392aeec Expand protection for apps using SSI
80a392aeec is described below
commit 80a392aeec048705c4ec41cef547dac62a4e783a
Author: Mark Thomas <[email protected]>
AuthorDate: Mon Jun 15 13:16:37 2026 +0100
Expand protection for apps using SSI
---
java/org/apache/catalina/ssi/SSIServletExternalResolver.java | 3 ++-
webapps/docs/changelog.xml | 3 ++-
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/java/org/apache/catalina/ssi/SSIServletExternalResolver.java
b/java/org/apache/catalina/ssi/SSIServletExternalResolver.java
index 18a784a3c7..7bb0cda783 100644
--- a/java/org/apache/catalina/ssi/SSIServletExternalResolver.java
+++ b/java/org/apache/catalina/ssi/SSIServletExternalResolver.java
@@ -183,7 +183,8 @@ public class SSIServletExternalResolver implements
SSIExternalResolver {
*/
protected boolean isNameReserved(String name) {
return name.startsWith("java.") || name.startsWith("javax.") ||
name.startsWith("sun.") ||
- name.startsWith("jakarta.");
+ name.startsWith("jakarta.") ||
name.startsWith("org.apache.catalina.") ||
+ name.startsWith("org.apache.tomcat.");
}
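Review bot: The two new prefixes in isNameReserved() land without test coverage: the diffstat lists only SSIServletExternalResolver.java and changelog.xml. A unit test asserting that names starting with "org.apache.catalina." and "org.apache.tomcat." are reported as reserved, alongside the existing "java.", "javax.", "sun." and "jakarta." cases, would guard against a regression the next time this list is edited. Since the startsWith() chain has now grown to six entries, consider moving the prefixes into a private static final String[] and looping over it, so that future additions are a one-line change and the comment above the method can point at a single list.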
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index bd778228e4..299bd6266d 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -272,7 +272,8 @@
Fix a potential deadlock when copying resources using WebDAV. (markt)
</fix>
<fix>
- Add <code>jakarta.</code> to the list of reserved prefixes for SSI
+ Add <code>jakarta.</code>, <code>org.apache.catalina.</code> and
+ <code>org.apache.tomcat.</code>to the list of reserved prefixes for SSI
variables and request attributes. (markt)
</fix>
<fix>
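Review bot: The added line `<code>org.apache.tomcat.</code>to the list of reserved prefixes for SSI` is missing a space between the closing `</code>` tag and "to", so the rendered changelog will read "org.apache.tomcat.to the list". Insert the space after `</code>`.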