Loading...

XML

Word

Printable

Type: Enhancement
Resolution: Done
Priority: Optional
Fix Version/s: 8.0 Update 2.1
Affects Version/s: None
Component/s: Undertow
Labels:
- downstream_dependency
- regression_test_only

Blocked:
False
Blocked Reason:
None
Ready:
False
CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
Target Release:

8.0.z.GA
Test Coverage:

-
Git Pull Request:
https://github.com/undertow-io/undertow/pull/1580
Intelligence Requested:
Market:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

At that method, there is a block that iterates through the path

// verify content of request pseudo-headers. Each header should only have a single value.
if (headers.contains(PATH)) {
    for (byte b: headers.get(PATH).getFirst().getBytes(ISO_8859_1)) {
        if (!allowUnescapedCharactersInUrl && !HttpRequestParser.isTargetCharacterAllowed((char)b)){
            return false;
        }
    }
}

Iterating is unnecessary when allowUnescapedCharactersInUrl is true.

clones

JBEAP-26972 (7.4.z) UNDERTOW-2374 - At Http2ReceiveListener.checkRequestHeaders do not check path chars when unescaped characters are allowed

Closed

incorporates

UNDERTOW-2374 At Http2ReceiveListener.checkRequestHeaders do not check path chars when unescaped characters are allowed

Closed

is incorporated by

JBEAP-26817 (8.0.z) Upgrade undertow from 2.3.11.SP1-redhat-00001 to 2.3.14.SP1

Closed

Assignee:: Lin Gao

Reporter:: Lin Gao

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2024/04/19 2:20 PM

Updated:: 2024/08/19 1:58 PM

Resolved:: 2024/04/22 1:15 AM