[Bug 62761] CORS filter is not working in tomcat 9.0.11 and 9.0.12

bugzilla Wed, 26 Sep 2018 06:43:20 -0700

https://bz.apache.org/bugzilla/show_bug.cgi?id=62761


Konstantin Kolinko <knst.koli...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 OS|                            |All

--- Comment #2 from Konstantin Kolinko <knst.koli...@gmail.com> ---
Your configuration is insecure and exposes you to the issue specified in
CVE-2018-8014 (bug 62343).

This is no longer allowed.

BTW, the "more advanced configuration" example at [1](9.0.12) [2](nightly)
suffers from the same issue as your configuration and should be updated.

[1]
http://tomcat.apache.org/tomcat-9.0-doc/config/filter.html#Add_Default_Character_Set_Filter/Initialisation_parameters
[2]
https://ci.apache.org/projects/tomcat/tomcat9/docs/config/filter.html#CORS_Filter

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 62761] CORS filter is not working in tomcat 9.0.11 and 9.0.12

Reply via email to