Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Major
Fix Version/s: 7.4.24.GA
Affects Version/s: 7.4.23.GA
Component/s: Undertow
Labels:
None

Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
Target Release:

7.backlog.GA
Steps to Reproduce:
Hide

Start JBoss with attached standalone-ha.xml

Deploy jbeap-30975.war

Test like so and the app should fetch getQueryString and print that back out still undecoded:

$ curl -v localhost:8080/jbeap-30975/?test=%7Bfoobar ... <html> <head>test=%7Bfoobar </head> </html>

Without the fix, this is decoded:

<html> <head>test={foobar </head> </html>
Show
Start JBoss with attached standalone-ha.xml Deploy jbeap-30975.war Test like so and the app should fetch getQueryString and print that back out still undecoded: $ curl -v localhost:8080/jbeap-30975/?test=%7Bfoobar ... <html> <head>test=%7Bfoobar </head> </html> Without the fix, this is decoded: <html> <head>test={foobar </head> </html>
Intelligence Requested:
Market:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

When UndertowOptions.ALLOW_UNESCAPED_CHARACTERS is enabled, we want to follow that config as part of Undertow's internal contract when, for example, printing the request in the AccessLog.

This relates to ~~UNDERTOW-2312~~ and other related issues, for a full list, please se linked issues.

The previous fixes are reflecting on the getQueryString implementation of apis such as Servlet, and this is causing malfunction for users that rely on frameworks that are build on top of those APIs.

For that reason, the previous fixes need to be carefully reviewed so that we don't create a regression in those Jiras while also amending the behavior of HttpServerExchange.getQueryString(), the method that is used by Undertow to reply to any request on the query string done via APIs such as HttpServletRequest.getQueryString(), and any related code that might have the same effect.

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

jbeap-30975.war
2025/09/19 6:41 PM
0.5 kB
Aaron Ogburn
standalone-ha.xml
2025/09/19 6:41 PM
34 kB
Aaron Ogburn

clones

JBEAP-30946 [GSS](8.0.z) UNDERTOW-2609 - Previous fixes in the handling of decoded characters in query requests reflect in getQueryString of APIs

is caused by

UNDERTOW-2312 multibytes language in URL request to http/https are broken in EAP access log.

Closed

UNDERTOW-2555 AJP Redirect with unescaped characters in URL is not encoded

Closed

UNDERTOW-2567 Decoding of query strings with unescaped characters does not work in HTTP2 upgrade

Closed

Assignee:: Flavia Rainone

Reporter:: Aaron Ogburn

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2025/09/16 2:05 PM

Updated:: 2025/09/19 6:41 PM

Details

Description

Attachments

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates