https://bz.apache.org/bugzilla/show_bug.cgi?id=60594
--- Comment #10 from Mark Thomas <ma...@apache.org> --- Thanks for the updated patch. I like the overall design. Some detail comments: - I think a different name is required. We might want to override other restrictions in the future. Maybe requestTargetAllow - The docs need to state which characters are valid in the allowed list - What to do if some other invalid character is placed on the allowed list. Log a warning? - I'm still undecided on whether this should be per connector configuration We also need to decide which versions to add this to. I currently thinking: - 7.0.x - yes - 8.0.x - yes - 8.5.x - maybe - 9.0.x - no -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
