https://bz.apache.org/bugzilla/show_bug.cgi?id=62761
Konstantin Kolinko <knst.koli...@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- OS| |All --- Comment #2 from Konstantin Kolinko <knst.koli...@gmail.com> --- Your configuration is insecure and exposes you to the issue specified in CVE-2018-8014 (bug 62343). This is no longer allowed. BTW, the "more advanced configuration" example at [1](9.0.12) [2](nightly) suffers from the same issue as your configuration and should be updated. [1] http://tomcat.apache.org/tomcat-9.0-doc/config/filter.html#Add_Default_Character_Set_Filter/Initialisation_parameters [2] https://ci.apache.org/projects/tomcat/tomcat9/docs/config/filter.html#CORS_Filter -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org