Bug 63829 - CompressionConfig does compare request header values for complete tokens case-insensitively
Summary: CompressionConfig does compare request header values for complete tokens case...
Status: RESOLVED FIXED
Alias: None
Product: Tomcat 9
Classification: Unclassified
Component: Connectors (show other bugs)
Version: 9.0.x
Hardware: All All
: P2 major (vote)
Target Milestone: -----
Assignee: Tomcat Developers Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-10-10 09:25 UTC by Michael Osipov
Modified: 2019-10-23 09:32 UTC (History)
1 user (show)



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Osipov 2019-10-10 09:25:11 UTC
Based on the discussion here: https://www.mail-archive.com/dev@tomcat.apache.org/msg136990.html

This is similar to 63825 and 63824. 
The class does neither compare case-insensitively as required by the appropriate RFC not does it compare complete tokens split at the comma.
Comment 1 Mark Thomas 2019-10-23 09:32:55 UTC
Fixed in:
- master for 9.0.28 onwards
- 8.5.x for 8.5.48 onwards
- 7.0.x for 7.0.98 onwards