Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 2.3.1.Final, 2.2.22.Final
Affects Version/s: 2.2.13.Final, 2.2.20.SP1
Component/s: Servlet
Labels:
None

Git Pull Request:
https://github.com/undertow-io/undertow/pull/1391, https://github.com/undertow-io/undertow/pull/1407

Top level WEB-INF and META-INF directories should not be exposed. But other application sub directories may be named this and should in theory be allowed. These were allowed prior to ~~UNDERTOW-1981~~.

is caused by

UNDERTOW-1981 Unify DefaultServlet & ServletInitialHandler in handling forbidden subpaths

Resolved

is cloned by

JBEAP-24093 [GSS](7.4.z) UNDERTOW-2186 - Application sub directories named WEB-INF or META-INF are no longer served

Closed

Assignee:: Flavia Rainone

Reporter:: Aaron Ogburn

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2022/10/18 9:43 PM

Updated:: 2022/12/09 11:23 AM

Resolved:: 2022/11/15 4:11 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates