https://bz.apache.org/bugzilla/show_bug.cgi?id=58999

--- Comment #4 from Rainer Jung <rainer.j...@kippdata.de> ---
Thanks to the OP for analysing the problem and to Violeta for the patch.

Please have a look at r1730101, which fixes the
StringIndexOutOfBoundsException.

The only problem I saw was the charAt(), because indeed the index could have
been too big. For the startsWith(), this cannot happen, because the given index
is always equal to the known minimal length of the string (one more than the
last index of the string). Javadoc tells us this is allowed, even an index
bigger than the string length is allowed here: "The result is false if toffset
is negative or greater than the length of this String object".

Concerning the filtering, when the name parameter is exactly equal to one of
the denied package names (package names to filter), IMHO it is OK to permit
them unless they are followed by a sub package, class or resource name. I see
no harm in permitting the package names without anything after them.

If you agree, I'll backport.

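Added example, not part of the comment above and not the code from r1730101: a minimal Java sketch of the behaviour discussed, showing why charAt() at an index equal to the string length throws while startsWith() with such an offset simply returns false, and how a length guard permits a bare package name. The class name, method names and deny list are hypothetical and constructed for illustration.

```java
import java.util.List;

public class DeniedPackageFilterDemo {
    // Constructed deny list for illustration; not Tomcat's actual list.
    static final List<String> DENIED = List.of("org.example.internal", "org/example/internal");

    // Unguarded: charAt(pkg.length()) is out of range when name equals pkg exactly.
    static boolean filterUnguarded(String name) {
        for (String pkg : DENIED) {
            if (name.startsWith(pkg)) {
                char next = name.charAt(pkg.length());
                if (next == '.' || next == '/') {
                    return true;
                }
            }
        }
        return false;
    }

    // Guarded: only look at the following character when there is one.
    // A bare package name is permitted, as the comment proposes.
    static boolean filterGuarded(String name) {
        for (String pkg : DENIED) {
            if (name.length() > pkg.length() && name.startsWith(pkg)) {
                char next = name.charAt(pkg.length());
                if (next == '.' || next == '/') {
                    return true;
                }
            }
        }
        return false;
    }

    public static void main(String[] args) {
        String[] samples = { "org.example.internal", "org.example.internal.Secret",
                "org/example/internal/res.txt", "org.example.internalx.Foo" };
        for (String s : samples) {
            System.out.println(s + " -> filtered=" + filterGuarded(s));
        }
        // startsWith tolerates an offset at or past the end and returns false.
        System.out.println("abc".startsWith("x", 3) + " " + "abc".startsWith("x", 4));
        try {
            filterUnguarded("org.example.internal");
        } catch (StringIndexOutOfBoundsException e) {
            System.out.println("unguarded charAt threw: " + e.getMessage());
        }
    }
}
```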