Summary: | Http11Processor does not compare request header values for complete tokens | ||
---|---|---|---|
Product: | Tomcat 8 | Reporter: | Michael Osipov <michaelo> |
Component: | Connectors | Assignee: | Tomcat Developers Mailing List <dev> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | michaelo |
Priority: | P2 | ||
Version: | 8.5.x-trunk | ||
Target Milestone: | ---- | ||
Hardware: | All | ||
OS: | All |
Description
Michael Osipov
2019-10-09 21:21:21 UTC
Fixed in: - master for 9.0.28 onwards - 8.5.x for 8.5.48 onwards - 7.0.x for 7.0.98 onwards I am afraid I need to reopen this one because of this missed spot: https://github.com/apache/tomcat/blob/master/java/org/apache/coyote/http11/Http11Processor.java#L599-L608 Thanks for catching that. I've refactored the code a little and expanded it to cover the request header case. Performance testing indicates neutral to marginally positive effect. (In reply to Mark Thomas from comment #3) > Thanks for catching that. I've refactored the code a little and expanded it > to cover the request header case. > > Performance testing indicates neutral to marginally positive effect. Brilliant, only compression config left. |