This is an automated email from the ASF dual-hosted git repository.
markt pushed a change to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git.
from 806195b Revert local change made for load testing
new 44ec74c Escape debug output to aid readability
new 251f61d Escape error message to aid readability
new 823d462 Use constants for encoding types
new 6664438 Limit CGI command line arguments
new 7f0221b Limit CGI command line arguments
new ec48c62 Test CGI decoded command line argument pattern
new 841d5b2 Disable enableCmdLineArguments be default. Hardening for
CVE-2019-0232
The 11958 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
conf/web.xml | 22 +++++
java/org/apache/catalina/servlets/CGIServlet.java | 87 ++++++++++++++++--
.../catalina/servlets/LocalStrings.properties | 2 +
java/org/apache/catalina/ssi/SSIEcho.java | 15 ++-
java/org/apache/catalina/ssi/SSIMediator.java | 13 ++-
java/org/apache/catalina/ssi/SSIPrintenv.java | 5 +-
.../servlets/TestCGIServletCmdLineArguments.java | 101 +++++++++++++++++++++
webapps/docs/cgi-howto.xml | 19 +++-
webapps/docs/changelog.xml | 26 ++++++
webapps/docs/security-howto.xml | 8 ++
10 files changed, 272 insertions(+), 26 deletions(-)
create mode 100755
test/org/apache/catalina/servlets/TestCGIServletCmdLineArguments.java
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
