On 26/08/2024 15:18, Christopher Schultz wrote:
<snip/>
+ <li>Data received by an AJP connector is trusted.</li>
Maybe clarify which data you are talking about? I'm guessing that
"request attributes" and certain headers should be considered trusted,
but the request entity for example is not.
Thanks. Good catch. I've updated the docs.
Any further changes before I add some links to this page from the
security docs?
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
