Posted to dev@tomcat.apache.org by ma...@apache.org on 2014/09/02 17:23:25 UTC
svn commit: r1622033 - in /tomcat/trunk:
test/org/apache/tomcat/util/http/TestCookies.java webapps/docs/changelog.xml
Author: markt
Date: Tue Sep 2 15:23:24 2014
New Revision: 1622033
URL: http://svn.apache.org/r1622033
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=55918
The new cookie parser correctly handles control characters in quoted V1 values
Modified:
tomcat/trunk/test/org/apache/tomcat/util/http/TestCookies.java
tomcat/trunk/webapps/docs/changelog.xml
Modified: tomcat/trunk/test/org/apache/tomcat/util/http/TestCookies.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/http/TestCookies.java?rev=1622033&r1=1622032&r2=1622033&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/tomcat/util/http/TestCookies.java (original)
+++ tomcat/trunk/test/org/apache/tomcat/util/http/TestCookies.java Tue Sep 2 15:23:24 2014
@@ -439,7 +439,7 @@ public class TestCookies {
@Test
public void disallowControlInV1QuotedValue() {
- // Bug 55917
+ // Bug 55917 / Bug 55918
test(true, "$Version=1; foo=\"b\010r\"");
}
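Review bot: The updated comment in disallowControlInV1QuotedValue() now cites two bug numbers but still does not state the expected outcome; since test(true, "$Version=1; foo=\"b\010r\"") passes no expected cookie, a short phrase in the comment saying the cookie must be rejected would make the intent clear. The input also exercises only a single control character (the octal escape \010, i.e. 0x08) in the middle of the quoted value, so consider adding cases for other control characters and for one placed directly after the opening quote or before the closing quote, if those are not covered elsewhere in TestCookies.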
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1622033&r1=1622032&r2=1622033&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Tue Sep 2 15:23:24 2014
@@ -54,6 +54,11 @@
correctly handle these cookies. (markt)
</fix>
<fix>
+ <bug>55918</bug>: Do not permit control characters to appear in quoted
+ V1 (RFC2109) cookie values. The new RFC6265 based cookie parser must be
+ enabled to correctly handle these cookies. (markt)
+ </fix>
+ <fix>
<bug>56900</bug>: Fix some potential resource leaks when reading
property files reported by Coverity Scan. Based on patches provided by
Felix Schumacher. (markt)
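Review bot: The new 55918 entry states the restriction first and only afterwards says the RFC6265 based cookie parser must be enabled, without naming how to enable it; a reader skimming the changelog could assume control characters in quoted V1 values are now rejected in every configuration. Suggest leading with the condition and naming the setting that enables the new parser. The closing sentence is also identical to the end of the preceding entry visible in the context lines, so the two entries could be merged into one <fix> listing both bug numbers.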