https://bz.apache.org/bugzilla/show_bug.cgi?id=65895
Mark Thomas <ma...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |INVALID

--- Comment #1 from Mark Thomas <ma...@apache.org> ---
That is an application security vulnerability in the JSP, not an issue with Tomcat.

The Servlet spec requires that request.getContext() returns the original, undecoded path.

My assumption is that the Maven plugin is using a version of Tomcat that doesn't include the fix for bug 57215.

If Jetty isn't returning the original context path then that is an issue for Jetty.

Generally, applications should be using application.getContextPath() which returns the canonical context path.

This behaviour is an argument for the deprecation and eventual removal of request.getContextPath() - or for its behaviour to be changed to match ServletContext.getContextPath().
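
An added example, not part of the bug report or of Tomcat's code: a servlet filter that makes request.getContextPath() return the canonical ServletContext.getContextPath() value, so JSPs that still call the request method get the behaviour the comment recommends. It assumes the javax.servlet API (Servlet 3.0 or later; the jakarta.servlet package on newer containers), and the class name CanonicalContextPathFilter is hypothetical.

```java
import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

// Hypothetical class name; assumes the javax.servlet API (Servlet 3.0+).
@WebFilter("/*")
public class CanonicalContextPathFilter implements Filter {

    @Override
    public void init(FilterConfig filterConfig) {
        // No configuration needed.
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        if (request instanceof HttpServletRequest) {
            final HttpServletRequest http = (HttpServletRequest) request;
            // Canonical path taken from the deployment, not from the request line.
            final String canonical = http.getServletContext().getContextPath();
            // Everything downstream (servlets, JSPs) sees the canonical value.
            request = new HttpServletRequestWrapper(http) {
                @Override
                public String getContextPath() {
                    return canonical;
                }
            };
        }
        chain.doFilter(request, response);
    }

    @Override
    public void destroy() {
        // Nothing to release.
    }
}
```

Values written into a page should still be encoded for their output context, for example with JSTL's `<c:out>` or `fn:escapeXml`.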