https://bz.apache.org/bugzilla/show_bug.cgi?id=65272
Mark Thomas changed:
What|Removed |Added
Resolution|--- |FIXED
Status|NEW
https://bz.apache.org/bugzilla/show_bug.cgi?id=65272
--- Comment #6 from Mark Thomas ---
It currently looks like this is fixable. PR at
https://github.com/apache/tomcat/pull/417
Need to allow time for the Tomcat community to review the PR.
https://bz.apache.org/bugzilla/show_bug.cgi?id=65272
--- Comment #5 from Mark Thomas ---
I've started to look at this. So far I have spotted a couple of minor issues
with the current parsing that I need to fix. Commits for those will follow
shortly.
I haven't yet found any reason not to allow LF
https://bz.apache.org/bugzilla/show_bug.cgi?id=65272
--- Comment #4 from Miguel ---
(In reply to Mark Thomas from comment #3)
> This stricter parsing was introduced as part of the fix for CVE-2020-1935.
>
> Because the fix was in response to a security issue, that makes it a lot
> less likely th
https://bz.apache.org/bugzilla/show_bug.cgi?id=65272
--- Comment #3 from Mark Thomas ---
This stricter parsing was introduced as part of the fix for CVE-2020-1935.
Because the fix was in response to a security issue, that makes it a lot less
likely the current behaviour will be changed.
I'll n
https://bz.apache.org/bugzilla/show_bug.cgi?id=65272
--- Comment #2 from Miguel ---
(In reply to Michael Osipov from comment #1)
> How old are those systems?
I don't have the data. But I see that the HTTP requests are version 1.0... so they are very
old...
We have some legacy systems. One of these is a SMS
https://bz.apache.org/bugzilla/show_bug.cgi?id=65272
Michael Osipov changed:
What|Removed |Added
OS||All
--- Comment #1 from Michael Osipo