Summary: | Rfc6265CookieProcessor mishandles commas in $Version=1 cookie header | ||
---|---|---|---|
Product: | Tomcat 9 | Reporter: | WJCarpenter <bill-apache> |
Component: | Util | Assignee: | Tomcat Developers Mailing List <dev> |
Status: | RESOLVED FIXED | ||
Severity: | normal | ||
Priority: | P2 | ||
Version: | 9.0.36 | ||
Target Milestone: | ----- | ||
Hardware: | PC | ||
OS: | Linux | ||
Attachments: | test code |
Description
WJCarpenter
2020-06-09 20:26:23 UTC
Thanks for the reminder. I've added 9.0.36 to the list of versions and updated the version for this issue. I'll look at the detail of the report next. Fixed in: - master for 10.0.0-M7 onwards - 9.0.x for 9.0.37 onwards - 8.5.x for 8.5.57 onwards 7.0.x is not affected. Thanks for the report. You were right about the location of the bug. There were a couple of other places the same bug was present. I've fixed them an added a parameterised test case that should test all combinations. Thanks for the quick action on this. |