This is an automated email from the ASF dual-hosted git repository. markt pushed a change to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git.

    from 7fc16d1  Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=63320 Ensure that StatementCache caches statements that include arrays in arguments.
     new 4fcdf70  Escape debug output to aid readability
     new 8db79d0  Escape error message to aid readability
     new 80a709a  Use constants for encoding types
     new 1c1d49e  Limit CGI command line arguments
     new 5bc4e6d  Limit CGI command line arguments
     new a8ebe68  Test CGI decoded command line argument pattern
     new 5af4ef5  Disable enableCmdLineArguments by default. Hardening for CVE-2019-0232

The 19143 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.

Summary of changes:
 conf/web.xml                                       |  22 +++++
 java/org/apache/catalina/servlets/CGIServlet.java  |  88 ++++++++++++++++--
 .../catalina/servlets/LocalStrings.properties      |   2 +
 java/org/apache/catalina/ssi/SSIEcho.java          |  15 ++-
 java/org/apache/catalina/ssi/SSIMediator.java      |  13 ++-
 java/org/apache/catalina/ssi/SSIPrintenv.java      |   3 +-
 .../servlets/TestCGIServletCmdLineArguments.java   | 101 +++++++++++++++++++++
 webapps/docs/cgi-howto.xml                         |  19 +++-
 webapps/docs/changelog.xml                         |  26 ++++++
 webapps/docs/security-howto.xml                    |   8 ++
 10 files changed, 272 insertions(+), 25 deletions(-)
 create mode 100755 test/org/apache/catalina/servlets/TestCGIServletCmdLineArguments.java