https://bz.apache.org/bugzilla/show_bug.cgi?id=57830

--- Comment #21 from Mark Thomas <ma...@apache.org> ---
In its current form? Unlikely. A quick look identifies several issues:

- The patch no longer applies cleanly. It needs to be updated to work with the
latest 9.0.x code.
- The optional configuration is inherently insecure. I'd consider vetoing a
commit that implemented this.
- The IP address parsing is not robust. Tomcat provides robust parsers in
org.apache.tomcat.util.http.parser.
- This looks to be significantly more complex to implement for APR/Native. That
may not be an issue on the basis that APR/Native may be dropped in Tomcat 10
onwards.
- No documentation
- I haven't looked at the overall design because the patch didn't apply. There
may be additional concerns.

Generally, when there appears to be a low level of interest in an enhancement,
the closer a patch is to being able to be simply reviewed and committed without
additional changes, the more likely it is to be applied.
