https://bz.apache.org/bugzilla/show_bug.cgi?id=58999
--- Comment #5 from Violeta Georgieva <violet...@apache.org> ---
(In reply to Rainer Jung from comment #4)
> Thanks to the OP for analysing the problem and to Violeta for the patch.
>
> Please have a look at r1730101, which fixes the
> StringIndexOutOfBoundsException.
>
> The only problem I saw was the charAt(), because indeed the index could have
> been too big. For the startsWith(), this cannot happen, because the given
> index is always equal to the known minimal length of the string (one more
> than the last index of the string). Javadoc tells us this is allowed, even
> an index bigger than the string length is allowed here: "The result is false
> if toffset is negative or greater than the length of this String object".
>
> Concerning the filtering, when the name parameter is exactly equal to one
> of the denied package names (package names to filter), IMHO it is OK to
> permit them unless they are followed by a sub package, class or resource
> name. I see no harm in permitting the package names without anything after
> them.
>
> If you agree, I'll backport.

Thanks,
Violeta
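
The difference between `charAt()` and `startsWith(prefix, toffset)` discussed in the quoted comment, as an added example that is not code from this thread or from Tomcat. The class, the method names, the `ROOT` and `DENIED_SUB` values and the sample inputs are all constructed for illustration.

```java
public class PrefixFilterDemo {
    // Constructed values for illustration only; not the project's deny list.
    static final String ROOT = "example";        // top-level prefix, length 7
    static final String DENIED_SUB = "denied.";  // sub package that must be filtered

    // Unguarded form: charAt(ROOT.length()) is out of range when name equals ROOT.
    static boolean filterUnguarded(String name) {
        if (!name.startsWith(ROOT)) {
            return false;
        }
        char ch = name.charAt(ROOT.length());
        return ch == '.' && name.startsWith(DENIED_SUB, ROOT.length() + 1);
    }

    // Guarded form: the length is checked before charAt(); startsWith() needs no guard.
    static boolean filterGuarded(String name) {
        if (!name.startsWith(ROOT)) {
            return false;
        }
        if (name.length() == ROOT.length()) {
            return false; // bare name with nothing after it: permitted
        }
        char ch = name.charAt(ROOT.length());
        // charAt() succeeded, so name.length() >= ROOT.length() + 1. The offset
        // passed below is therefore at most name.length(), and even a larger
        // offset would make startsWith() return false rather than throw.
        return ch == '.' && name.startsWith(DENIED_SUB, ROOT.length() + 1);
    }

    public static void main(String[] args) {
        String[] samples = {"example", "example.", "example.denied",
                            "example.denied.Foo", "example.other.Foo", "examples"};
        for (String s : samples) {
            String unguarded;
            try {
                unguarded = String.valueOf(filterUnguarded(s));
            } catch (StringIndexOutOfBoundsException e) {
                unguarded = "throws";
            }
            System.out.printf("%-20s unguarded=%-7s guarded=%s%n",
                              s, unguarded, filterGuarded(s));
        }
        // Offset equal to, and greater than, the string length: no exception.
        System.out.println("abc".startsWith("x", 3));
        System.out.println("abc".startsWith("x", 10));
    }
}
```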