This is an automated email from the ASF dual-hosted git repository.
markt-asf pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new f214f66f25 Fix last remaining double decoding issue
f214f66f25 is described below
commit f214f66f2595db6ff2aac51adcf7f65e7be0834a
Author: Mark Thomas <[email protected]>
AuthorDate: Thu Jun 4 17:04:02 2026 +0100
Fix last remaining double decoding issue
---
java/org/apache/tomcat/util/descriptor/web/SecurityConstraint.java | 2 +-
webapps/docs/changelog.xml | 4 ++++
2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/java/org/apache/tomcat/util/descriptor/web/SecurityConstraint.java
b/java/org/apache/tomcat/util/descriptor/web/SecurityConstraint.java
index e4efd758fe..d89ff7de16 100644
--- a/java/org/apache/tomcat/util/descriptor/web/SecurityConstraint.java
+++ b/java/org/apache/tomcat/util/descriptor/web/SecurityConstraint.java
@@ -608,7 +608,7 @@ public class SecurityConstraint extends XmlEncodingBase
implements Serializable
}
if (create) {
- collection.addPattern(urlPattern);
+ collection.addPatternDecoded(urlPattern);
constraint.addCollection(collection);
return constraint;
}
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 2d7e5dac04..4603593a61 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -235,6 +235,10 @@
Improve the detection of cross-context dispatches when using a
<code>RequestDispatcher</code>. (markt)
</fix>
+ <fix>
+ Fix various instances of double decoding of URL patterns configured
+ either programmatically or in web.xml. (remm/markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
