[Bug 63104] As per servlet api doc ServletContext.getResource should throw MalformedURLException but for some urls tomcat 8 is throwing IllegalArgumentException which is deviation for api.

bugzilla Thu, 24 Jan 2019 09:32:45 -0800

https://bz.apache.org/bugzilla/show_bug.cgi?id=63104


Mark Thomas <ma...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |RESOLVED
         Resolution|---                         |WONTFIX

--- Comment #3 from Mark Thomas <ma...@apache.org> ---
Change in behaviour between major versions is to be expected.

To repeat:
Tomcat has opted to throw an IAE in an attempt to make it clear that something
has gone badly wrong. Trying to step outside the web application root can be an
indication of a path traversal attack.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 63104] As per servlet api doc ServletContext.getResource should throw MalformedURLException but for some urls tomcat 8 is throwing IllegalArgumentException which is deviation for api.

Reply via email to