Uploaded image for project: 'JBoss Web Server'
  1. JBoss Web Server
  2. JWS-720

[GSS](3.1.0 one-off) RFC 7230/3986 url requirement that prevents unencoded curly braces should be optional, since it breaks existing sites

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Critical Critical
    • None
    • JWS 3.1.0 CR4
    • tomcat7
    • None
    • Hide
      PATCH NAME:
              JWS-720
      PRODUCT NAME:
              JBoss Web Server
      VERSION:
              3.1.0
      SHORT DESCRIPTION:
              One-off patch for JWS-720
      LONG DESCRIPTION:

          RFC 7230/3986 url requirement that prevents unencoded curly braces should be optional, since it breaks existing sites

      MANUAL INSTALL INSTRUCTIONS:

      Backup the following files with the files included in this patch:

          $JWS_HOME/tomcat7/conf/catalina.properties
          $JWS_HOME/tomcat7/lib/tomcat-coyote.jar
          $JWS_HOME/tomcat7/webapps/docs/config/systemprops.html
          $JWS_HOME/tomcat7/webapps/docs/changelog.html

      Extract the patched files by either:

          Using unzip:
              unzip -d $JWS_HOME/ JWS-720.zip

          Or by extracting the files from the zip and moving them to the following location:
              $JWS_HOME/tomcat7/conf/catalina.properties
              $JWS_HOME/tomcat7/lib/tomcat-coyote.jar
              $JWS_HOME/tomcat7/webapps/docs/config/systemprops.html
              $JWS_HOME/tomcat7/webapps/docs/changelog.html

      To uninstall, restore the backup copy of the files to the location mentioned above.

      COMPATIBILITY:
              None
      DEPENDENCIES:
              JWS 3.1.0
      SUPERSEDES:
              None
      SUPERSEDED BY:
              None
      CREATOR:
              Coty Sutherland
      DATE:
              25th May 2017
      Show
      PATCH NAME:          JWS-720 PRODUCT NAME:         JBoss Web Server VERSION:         3.1.0 SHORT DESCRIPTION:         One-off patch for JWS-720 LONG DESCRIPTION:     RFC 7230/3986 url requirement that prevents unencoded curly braces should be optional, since it breaks existing sites MANUAL INSTALL INSTRUCTIONS: Backup the following files with the files included in this patch:     $JWS_HOME/tomcat7/conf/catalina.properties     $JWS_HOME/tomcat7/lib/tomcat-coyote.jar     $JWS_HOME/tomcat7/webapps/docs/config/systemprops.html     $JWS_HOME/tomcat7/webapps/docs/changelog.html Extract the patched files by either:     Using unzip:         unzip -d $JWS_HOME/ JWS-720 .zip     Or by extracting the files from the zip and moving them to the following location:         $JWS_HOME/tomcat7/conf/catalina.properties         $JWS_HOME/tomcat7/lib/tomcat-coyote.jar         $JWS_HOME/tomcat7/webapps/docs/config/systemprops.html         $JWS_HOME/tomcat7/webapps/docs/changelog.html To uninstall, restore the backup copy of the files to the location mentioned above. COMPATIBILITY:         None DEPENDENCIES:         JWS 3.1.0 SUPERSEDES:         None SUPERSEDED BY:         None CREATOR:         Coty Sutherland DATE:         25th May 2017

      We need to backport the following to limit customer issues from the CVE-2016-6816 fix:

      https://bz.apache.org/bugzilla/show_bug.cgi?id=60594

      tomcat7
      http://svn.apache.org/r1782043
      http://svn.apache.org/r1782246

        1. JWS-720.zip
          874 kB

              rh-eaguilar Ezequiel Aguilar
              rhn-support-aogburn Aaron Ogburn
              Coty Sutherland Coty Sutherland
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

                Created:
                Updated:
                Resolved: