https://bz.apache.org/bugzilla/show_bug.cgi?id=60594

--- Comment #4 from Mark Thomas <ma...@apache.org> ---
Allowing some of those (e.g. space) is extremely dangerous and should not be
allowed under any circumstances.

I generally dislike configuration via system property. That said, making this
per Connector will be significantly more invasive.

Any proposed patch needs to include documentation. That documentation needs to
include a very large, very clear warning that deviating from the default is a
security risk.

If this feature is implemented, I'd prefer to see the option to allow illegal
characters limited to a much smaller sub-set.
